On 2002-05-01 at 23:08 -0400, Tomasz Kosinski wrote:
> I have now located exiwhat, and the output shows
> messages which certainly do not originate from my machine, for example
>
> sanmarco# exiwhat
> 2423 delivering 1736Ar-0000d3-00 to mta3-mail.angelfire.com
> [209.185.123.71] (jhlzoju@???)
> 2451 delivering 1736E6-0000dV-00 to mx2.mail.lycos.com
> [209.185.123.147] (ojnotw@???)
> 2469 delivering 1736G4-0000dn-00 to mail-com.mr.outblaze.com
> [205.158.62.35] (pplvsxhjk@???)
> 2495 delivering 1736Iq-0000eD-00 to mta6-mail.angelfire.com
> [209.185.123.74] (ewkuejw@???)
> 2542 delivering 1736Q0-0000ey-00 to mta5-mail.angelfire.com
> [209.185.123.73] (rjiygqrvtb@???)

How do you know those machines did not originate locally? Perhaps
they're bounces?

Try "exim -bp 1736Q0-0000ey-00" to see the senders and recipients. Also
look at the "-Mvl", "-Mvh" and "-Mvb" options. All in spec.txt

> If I try to kill the process (the numbers are much higher than the
> current processes), I get

Ugh. Non-random pids. I thought Linux had advanced past that. Oh
well.

> I am sorry to say that I can't figure out how to use "fuser"...Is there
> one single lockfile which I should be looking for and which I can kill
> somehow, or is each message locked separately. I don't mind wiping out
> my whole queue, because, of course, I can't send out any mail anyhow.

Meep! Wiping out a _queue_, with all the mails, is rather drastic.
I've never seen a reason to do it. In one really dire situation, I had
to move aside the queue, create a new one, then feed stuff back in
carefully. That's it. Wiping the _hints_, which are merely hints, is
as all-out as you should ever need to go.

The best way, if you're that desperate, is to shut down exim entirely,
killing all the processes. Then run an "exim -Mrm" against the relevant
message-ids. If it's still locked, and you're _sure_ that these are
spam, then remove those files from the queue. This gets really
dangerous though.

  sh# spooldir=`exim -bP spool_directory | cut -d ' ' -f 3`

and foreach of those messageids:

  sh# find "$spooldir/input" -name '1736Q0-0000ey-00*' -print

That will tell you where they are. Use "rm". On your head be it.

> I really appreciate your help, because I am quite stuck here. Any idea
> how all these mails can get into a system?

Check the mails to see if they're bounces. Check the logs. If you're
an open mail relay, fix that.

--
Civilisation: where they cut down the trees and name streets after them.
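
The bounce check suggested in the message above, as an added example that is not part of the original post: a shell function that reads "exim -bp" output and marks each queued message as a bounce (empty envelope sender, shown as "<>") or not, with its recipient count. The queue listing, message ids and addresses in it are constructed for illustration.

```shell
#!/bin/sh
# Summarise `exim -bp` output, one line per queued message:
#   <message-id> <bounce|normal> <envelope-sender> <recipient-lines>
# A bounce has an empty envelope sender, which exim prints as "<>".
queue_triage() {
    awk '
        function flush() {
            if (have)
                print id, (sender == "<>" ? "bounce" : "normal"), sender, n
            have = 0
        }
        # Header line: age, size, message id, <sender>, optional frozen marker
        $3 ~ /^[0-9A-Za-z]+-[0-9A-Za-z]+-[0-9A-Za-z]+$/ && $4 ~ /^<.*>$/ {
            flush()
            id = $3; sender = $4; n = 0; have = 1
            next
        }
        # Indented recipient line; a leading "D" marks one already delivered
        have && NF > 0 { n++ }
        END { flush() }
    '
}

# Constructed sample in the layout `exim -bp` prints (not taken from the thread).
sample_queue() {
    cat <<'EOF'
 3h  1.2K 1736Aa-0000aa-00 <>
          user1@remote.example

 2h  4.0K 1736Bb-0000bb-00 <sender@unknown.example>
        D done@remote.example
          user2@remote.example
          user3@remote.example

 9m  2.1K 1736Cc-0000cc-00 <> *** frozen ***
          postmaster@local.example
EOF
}

# On a live system, run instead:  exim -bp | queue_triage
sample_queue | queue_triage
```

Many "normal" lines with senders and recipients that have nothing to do with the local host point at relaying rather than bounces; the logs for those message ids show where they came in.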