Re: [exim] How do you delete a large frozen queue?

Author: Jasen Betts
Date:  
To: exim-users
Subject: Re: [exim] How do you delete a large frozen queue?
On 2015-02-05, Steve Albin <stevea@???> wrote:
>
> Hello.
>
> I tried searching the docs and the mailing list, unsuccessfully.
>
> One of the accounts on a linux server I run was hacked, and the hacker has
> sent many and now queued several hundred thousand spam emails.
>
> The disk holding exim ... /var/spool/exim ... is 100 percent full.
>
> The exim and exiqgrep commands still function, but there are so many messages
> that any attempt to form a pipe exits in error.


I use xargs with a limit of 1000.

> Since I don't seem able to delete all messages from that sender, I am ready to
> delete all messages in the queue (or queues if that is the case; I am new to this).


exipick --unsorted -i '$authenticated_sender == the_bad_guy' |
xargs --max-procs=20 --max-args=1000 /usr/sbin/exim -Mrm

> I can delete and re-create the directories /var/spool/exim/input and /var/spool/exim/msglog
> but I don't know if there is anything needed inside those directories.
>
> Any suggestions by someone knowledgeable?


There is nothing essential in /var/spool/exim. If you want to nuke
everything:

# find /var/spool/exim -type f -delete

Then restart exim.

You'll lose retry hints, but that's not a big loss. You'll also lose
undelivered emails, which may make you unpopular with some.

--
umop apisdn