Here is a quick HowTo / TechTip for deleting all the mail from an exim mail queue!
After the issue I blogged about the other day, where a webserver was being used to generate spam, we were left with a lot of spam email in the server's mail queue awaiting delivery.
Amongst other things, this was then causing a performance hit on the server sending messages. I decided that the few real emails in the queue were of no importance and to just delete the whole lot.
Chances are, as a sysadmin, it's a job you may have to do at some point. This is how I cleaned out the exim queue on the webserver and then the one on the outbound mail server.
First off, take a look at your queue:
[user@www user] exim -bp
As the mail is spam we want to delete it, not empty the queue via SMTP, as all the spam would be sent to people and our server may be blacklisted.
To delete all the mail in the queue, run:
[user@www user] exim -bpru | awk '{print $3}' | xargs exim -Mrm > deletedmail.txt
We can now check how many mails were removed by running:
[user@www user] wc -l deletedmail.txt
13416 deletedmail.txt
We have now deleted all 13416 mails in the queue and the server is as good as new. (Remember to fix the loophole first; if you don't, you will soon have a lot of spam in the queue again!)
The deletedmail.txt file will look something like this:
Message 1K3FYb-0000wH-CF has been removed
Message 1K3FYb-0000wH-6l has been removed
Message 1K3FYb-0000wH-3r has been removed
Message 1K3FYb-0000wH-1d has been removed
On the mail server, we want to remove all mail from the webserver only. To do this we modify the command line to grep for the sending address.
[user@mail user] exim -bpru | grep "" | awk '{print $3}' | xargs exim -Mrm > deletedmail.txt
[user@mail user] wc -l deletedmail.txt
73012 deletedmail.txt
So we have now removed 73012 mails from the mail server's queue. This means, in my example here, we have saved the internet from 86428 spam emails.
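An added example (not from the original post): a stricter form of the sender-filtered deletion above. It compares the sender column of the queue listing exactly instead of grepping the whole line, so an address that merely contains the target is left alone, and it lists the IDs before anything is removed. The function names, addresses and sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: pick queue IDs by exact envelope sender, then dry-run.

# Read an `exim -bp`-style listing on stdin and print the IDs of messages
# whose sender column (4th field, in angle brackets) equals $1 exactly.
queue_ids_from() {
    awk -v want="<$1>" '
        # Only message header lines have 4+ fields; recipient lines do not.
        NF >= 4 && $4 == want &&
        $3 ~ /^[0-9A-Za-z]+-[0-9A-Za-z]+-[0-9A-Za-z]+$/ { print $3 }
    '
}

# Constructed sample listing (not real queue data).
sample_queue() {
cat <<'EOF'
 2h  1.1K 1K3FYb-0000wH-CF <www@web.example.test>
          victim1@example.net

 2h  1.1K 1K3FYb-0000wH-6l <www@web.example.test> *** frozen ***
          victim2@example.net

25m  2.9K 1K3FZc-0000xA-3r <alice@example.org>
          www@web.example.test

 3h  900  1K3FZd-0000xB-1d <notwww@web.example.test>
          bob@example.org
EOF
}

# Hypothetical wrapper: lists matching IDs; removes them only when the
# second argument is "delete".
purge_sender() {
    ids=$(exim -bpru | queue_ids_from "$1")
    [ -n "$ids" ] || { echo "no queued mail from $1"; return 0; }
    if [ "${2:-}" = "delete" ]; then
        echo "$ids" | xargs exim -Mrm
    else
        echo "$ids"
    fi
}

# Demo on the sample: prints the two IDs sent by www@web.example.test and
# skips notwww@web.example.test, which a plain grep would also match.
sample_queue | queue_ids_from "www@web.example.test"
```

Exim also ships exiqgrep, whose -f option selects by sender and -i prints only the message IDs.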
A few other useful exim queue commands include:
exim -q # Flush waiting mail
exim -qf # Flush all mail
exim -qff # Flush even frozen mail
To remove frozen mail from the local spool, try this…
exim -bpru | grep -F "*** frozen ***" | awk '{print $3}' | xargs exim -Mrm > deletedmail-frozen.txt






 
			