From: Jasen Betts
Date:
To: exim-users
Subject: Re: [exim] How do you delete a large frozen queue?

On 2015-02-05, Steve Albin <stevea@???> wrote:
>
> Hello.
>
> I tried searching the docs and the mailing list, unsuccessfully.
>
> One of the accounts on a linux server I run was hacked, and the hacker has
> sent many and now queued several hundred thousand spam emails.
>
> The disk holding exim ... /var/spool/exim ... is 100 percent full.
>
> The exim and exiqgrep commands still function, but there are so many messages
> that any attempt to form a pipe exits in error.

I use xargs with a limit of 1000.

> Since I don't seem able to delete all messages from that sender, I am ready to
> delete all messages in the queue (or queues if that is the case; I am new to this).

    exipick --unsorted -i '$authenticated_sender eq the_bad_guy' |
        xargs --max-procs=20 --max-args=1000 /usr/sbin/exim -Mrm

> I can delete and re-create the directories /var/spool/exim/input and /var/spool/exim/msglog
> but I don't know if there is anything needed inside those directories.
>
> Any suggestions by someone knowledgeable?

There is nothing essential in /var/spool/exim. If you want to nuke
everything:

    # find /var/spool/exim -type f -delete

then restart exim.

You'll lose retry hints, but that's not a big loss. You'll also lose
undelivered emails, which may make you unpopular with some.
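
An added example, not part of the original post: before removing anything, summarise the queue by envelope sender and list only the message IDs for the account you mean to purge. It reads the text printed by `exim -bp`; the sample listing and the function names are constructed for illustration. Note that `exim -bp` shows the envelope sender, which spam can forge, while the exipick command above matches `$authenticated_sender`.

```shell
#!/bin/sh
# Triage an Exim queue listing (output of `exim -bp`) before deleting.

# Constructed sample of `exim -bp` output: age, size, message ID, sender,
# optional frozen marker, then indented recipient lines.
sample_queue() {
cat <<'EOF'
 3d  1.2K 1YJ0aa-0001Ab-01 <bad@example.com> *** frozen ***
          victim1@example.net

 3d  1.2K 1YJ0ab-0001Ac-02 <bad@example.com> *** frozen ***
          victim2@example.net

 2h  4.0K 1YJ0ac-0001Ad-03 <alice@example.org>
          bob@example.net

 1h  900 1YJ0ad-0001Ae-04 <>
          bad@example.com

 5m  1.1K 1YJ0ae-0001Af-05 <bad@example.com>
          victim3@example.net
EOF
}

# Count queued messages per envelope sender, busiest first.
# Only header lines (third field is a 16-character message ID) are counted,
# so an address appearing as a recipient is not mistaken for a sender.
senders_by_volume() {
    awk 'NF >= 4 && length($3) == 16 &&
         $3 ~ /^[0-9A-Za-z]+-[0-9A-Za-z]+-[0-9A-Za-z]+$/ { n[$4]++ }
         END { for (s in n) print n[s], s }' | sort -k1,1nr -k2,2
}

# Print message IDs whose envelope sender is exactly $1 ('' = bounces, <>).
ids_for_sender() {
    awk -v want="<$1>" 'NF >= 4 && length($3) == 16 && $4 == want { print $3 }'
}

# Review the summary first; the ID list can then be fed to
#   xargs --max-args=1000 /usr/sbin/exim -Mrm
# as in the reply above.
sample_queue | senders_by_volume
sample_queue | ids_for_sender bad@example.com
```

On a live system, replace `sample_queue` with `exim -bp` and check the summary before passing any IDs to `exim -Mrm`.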