[BlueOnyx:04692] Script to Clean mqueue, Spam Flood

Rodrigo Ordonez Licona rodrigo at xnet.mx
Wed Jun 2 19:28:43 -05 2010


Hi,

I recently found a user who gave away his password without knowing it. The
immediate result: 170k emails in /var/spool/mqueue.in (incoming mail queue,
MailScanner installed)... and slow email delivery...

I blocked out the user; however, emails came from different IPs, so I had
legitimate emails inside the 170k email queue.

After googling for a script to clean the mess, I found this one which I
would like to share with you.

It is all on one line; beware of line wrapping. You can use an email address
to search for the offending email, an IP address, or email content. Hopefully,
after studying the spam emails, you can find a text string that can be found in
every email that the spammer sent (I was lucky this time...).

This example looks for certain text in the qf file and deletes the
corresponding df file in the queue (you can switch it all the way around).
Replace string_or_offending_email with your text.

It might not be elegant, but it helped me a lot and I hope it helps someone
else.


find /var/spool/mqueue.in/ -name 'qf*' -exec echo grep -i 'string_or_offending_email' {} \> /dev/null \&\& echo {} \; | sh | awk '{s=$0;sub("qf", "df", s); print "rm " $0 " " s;}' | sh


Regards

Rodrigo O
Xnet
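
A dry-run-first variant of the queue cleanup in the message above, as an added example that is not part of the original post. It goes beyond the posted one-liner: it matches a literal string in the qf files, lists the qf/df pairs, and moves them to a holding directory only when one is given, so a false match on legitimate mail can be put back. The function names, arguments and sample queue are this example's assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): list, then optionally quarantine,
# sendmail queue entries whose qf control file contains a fixed string.
# Function names, arguments and the sample queue are this example's own.

# purge_queue QUEUE_DIR STRING [HOLD_DIR]
#   no HOLD_DIR : dry run, print the qf/df pairs that match
#   HOLD_DIR    : move each matching pair there (reversible, unlike rm)
# Sets MATCHED to the number of matching messages.
purge_queue() {
    qdir=$1; needle=$2; hold=${3:-}
    MATCHED=0
    [ -d "$qdir" ] && [ -n "$needle" ] || {
        echo "usage: purge_queue DIR STRING [HOLD_DIR]" >&2; return 2; }
    [ -z "$hold" ] || mkdir -p -- "$hold" || return 1
    for qf in "$qdir"/qf*; do
        [ -f "$qf" ] || continue              # unmatched glob or not a file
        # -F: literal match, so '.', '@' or '*' in the string are not regex
        # syntax; passing it as one quoted argument keeps spaces intact.
        grep -qiF -e "$needle" -- "$qf" || continue
        df="$qdir/df${qf##*/qf}"              # data file with the same queue ID
        MATCHED=$((MATCHED + 1))
        if [ -z "$hold" ]; then
            echo "match: $qf $df"
        else
            mv -- "$qf" "$hold"/ || return 1
            [ ! -f "$df" ] || mv -- "$df" "$hold"/ || return 1
        fi
    done
    return 0
}

# Constructed sample queue: two spam entries and one legitimate entry.
make_sample_queue() {
    d=$(mktemp -d) || return 1
    for id in o52AAA000001 o52AAA000002 o52BBB000003; do
        echo "body of $id" > "$d/df$id"
    done
    printf 'S<spammer@example.invalid>\nH??Subject: Cheap Pills\n' > "$d/qfo52AAA000001"
    printf 'S<other@example.invalid>\nH??Subject: cheap pills now\n' > "$d/qfo52AAA000002"
    printf 'S<alice@example.invalid>\nH??Subject: Meeting notes\n' > "$d/qfo52BBB000003"
    echo "$d"
}
```

Run it without a holding directory first and read the list of matches before passing one.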