From: Michael Breton (mbretoncommtel.net)
Date: Fri Jan 02 2004 - 10:55:57 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> -----Original Message-----
> From: jparsonssutv.com [mailto:jparsonssutv.com]
> Sent: Friday, January 02, 2004 11:44 AM
> To: postfix-userspostfix.org
> Subject: que fill up problem
>
>
> Hello everyone...
>
> I was wondering if someone might be able to help me figure
> out a good way
> to clean out some mail in the queues.
>
> I have a user that is infected with a virus, I have blocked
> thier access
> for now until they are clean, however i didn't get it
> shutdown before they
> filled up the mail queues with tons of junk mail all
> addressed to aol.com
> users. the emails forge the senders address, and the
> receipient addresses
> of the emails, are random or seem to be. the only constant on all the
> headers would be the IP address that the messages were sent from.
> so my question...
>
> is there a command or way to remove all mail from the queues that were
> sent from that IP address?

In my experience, viruses like this are all roughly the same size. You
could use that as a parameter to identify the infected emails. You may lose
legitimate email using this method.

A longer, but more precise method is to grep the log for emails from your
customer, awk for the queueid, postsuper -h the queueids, scan the held mail
for anything that is legitimate and unhold it using postsuper -H, and then
postsuper -d those queueids that are still held.

There is still a chance of deleting legitimate email with this second
method, but it is a lot better than the first one.

Hope this helps...

Michael Breton
Commtel

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]