Author: W B Hacker Date: To: exim-users Subject: Re: [exim] help -- need to filter/flush spam out of my queue
Ted Cooper wrote: > On Wed, 2009-11-25 at 10:09 -0800, chuza wrote:
>> I am managing a cPanel server where someone has uploaded a script that
>> flooded the queue with spam messages. There are currently around 10000
>> messages in the queue and each msg ID has a random sending address and
>> different sending domains but recipient addresses have a pattern. All
>> recipient addresses are @mail.ru addresses.
>> I do not want to flush the entire queue since there are valid emails as
>> well, can anybody tell me a command that will remove all emails from the
>> queue sent to @mail.ru addresses.
>
> Never used it before but a "man exipick" gave me the answer pretty quick
>
> exipick -i '$each_recipients = mail.ru' | exgars exim -Mrm
>
> Possibly. I don't actually have anything in a queue to test it on.
>
> You might might want to look into ratelimit on submissions to prevent
> the situation again.
>
>
Presuming none of the 'legitimate' messages are for @mail.ru, I'd be sore
tempted to stop the queue runner, add a manual route to /dev/null for that
domain.tld, restart exim, and let nature take its course at its own sweet pace.
Meanwhile, back at the ranch - disable response to such scripts, require any
client who thinks they need one to vet it with mailadmin / sysadmin first....or
something similarly clue-bat-ish that lets you regain control at the input side
instead of the output side.
