Delete mail from an exim mail queue

Here is a quick HowTo / TechTip for deleting all the mail from an exim mail queue!

After the issue I blogged about the other day, where a webserver was being used to generate spam, we were left with a lot of spam email in the server's mail queue awaiting delivery.

Amongst other things, this was then causing a performance hit on the server sending messages. I decided that the few real emails in the queue were of no importance and to just delete the whole lot.

Chances are that, as a sysadmin, it's a job you may have to do at some point. This is how I cleaned out the exim queue on the webserver and then the one on the outbound mail server.

First off, take a look at your queue:

[user@www user] exim -bp

As the mail is spam, we want to delete it rather than empty the queue via SMTP, as all the spam would then be sent to people and our server may be blacklisted.

To delete all the mail in the queue, run:

[user@www user] exim -bpru | awk '{print $3}' | xargs exim -Mrm > deletedmail.txt

We can now check how many mails were removed by running:

[user@www user] wc -l deletedmail.txt
13416 deletedmail.txt

We have now deleted all 13416 mails in the queue and the server is as good as new. (Remember to fix the loophole first; if you don't, you will soon have a lot of spam in the queue again!)

The deletedmail.txt file will look something like this:

Message 1K3FYb-0000wH-CF has been removed
Message 1K3FYb-0000wH-6l has been removed
Message 1K3FYb-0000wH-3r has been removed
Message 1K3FYb-0000wH-1d has been removed

On the mail server, we want to remove only the mail that came from the webserver. To do this we modify the command line to grep for the sending address (SENDER_ADDRESS below is a placeholder for it).

[user@mail user] exim -bpru | grep "SENDER_ADDRESS" | awk '{print $3}' | xargs exim -Mrm > deletedmail.txt
[user@mail user] wc -l deletedmail.txt
73012 deletedmail.txt

So we have now removed 73012 mails from the mail server's queue. This means that, in my example here, we have saved the internet from 86428 spam emails.
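A plain grep for the sending address also matches longer addresses that contain it, so real mail can be swept up with the spam. The added example below (not part of the original post) compares that pipeline with an exact match on the envelope sender field; the addresses, the queue listing and the function names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example. The addresses and queue listing below are constructed.

# The page's approach: grep anywhere on the line, then take field 3.
ids_by_grep() {
    grep "$1" | awk '{print $3}' | grep .
}

# Stricter: only header lines (field 3 looks like a message ID) whose
# envelope sender (field 4, in angle brackets) equals $1 exactly.
# The ID pattern is deliberately loose so it fits old and new ID lengths.
ids_from_sender() {
    awk -v want="<$1>" '
        $3 ~ /^[0-9A-Za-z]+-[0-9A-Za-z]+-[0-9A-Za-z]+$/ && $4 == want {
            print $3
        }'
}

# Constructed sample in the layout printed by `exim -bpru`.
sample_queue() {
    cat <<'EOF'
25m  2.9K 1K3FYb-0000wH-CF <apache@www.example.com>
          victim1@example.net

31m  1.1K 1K3FYc-0000wJ-6l <alice@example.com>
          apache@www.example.com

 2h  3.0K 1K3FYd-0000wK-3r <apache@www.example.com> *** frozen ***
          victim2@example.org

 5h  2.2K 1K3FYe-0000wL-1d <not-apache@www.example.com>
          bob@example.net
EOF
}

echo "grep match (also catches not-apache@...):"
sample_queue | ids_by_grep "apache@www.example.com"
echo "exact sender match:"
sample_queue | ids_from_sender "apache@www.example.com"

# On a real server, review the list first, then delete:
#   exim -bpru | ids_from_sender ADDRESS > ids.txt
#   xargs exim -Mrm < ids.txt > deletedmail.txt
```

Exim also ships `exiqgrep`, whose `-f` option selects messages by sender and `-i` prints only the message IDs.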

A few other useful exim queue commands include:

exim -q # Flush waiting mail
exim -qf # Flush all mail
exim -qff # Flush even frozen mail

To remove frozen mail from the local spool, try this…

exim -bpru | grep -F "*** frozen ***" | awk '{print $3}' | xargs exim -Mrm > deletedmail-frozen.txt