[prev in list] [next in list] [prev in thread] [next in thread] 

List:       exim-users
Subject:    Re: [exim] help -- need to filter/flush spam out of my queue
From:       W B Hacker <wbh () conducive ! org>
Date:       2009-11-26 14:43:19
Message-ID: 4B0E9407.4050700 () conducive ! org
[Download RAW message or body]

Ted Cooper wrote:
> On Wed, 2009-11-25 at 10:09 -0800, chuza wrote:
>> I am managing a cPanel server where someone has uploaded a script that
>> flooded the queue with spam messages. There are currently around 10000
>> messages in the queue and each msg ID has a random sending address and
>> different sending domains but recipient addresses have a pattern. All
>> recipient addresses are @mail.ru addresses.
>> I do not want to flush the entire queue since there are valid emails as
>> well, can anybody tell me a command that will remove all emails from the
>> queue sent to @mail.ru addresses.
> 
> Never used it before but a "man exipick" gave me the answer pretty quick
> 
> exipick -i '$each_recipients = mail.ru' | exgars exim -Mrm
> 
> Possibly. I don't actually have anything in a queue to test it on.
> 
> You might might want to look into ratelimit on submissions to prevent
> the situation again.
> 
> 

Presuming none of the 'legitimate' messages are for @mail.ru, I'd be sore 
tempted to stop the queue runner, add a manual route to /dev/null for that 
domain.tld, restart exim, and let nature take its course at its own sweet pace.

Meanwhile, back at the ranch - disable response to such scripts, require any 
client who thinks they need one to vet it with mailadmin / sysadmin first....or 
something similarly clue-bat-ish that lets you regain control at the input side 
instead of the output side.

Bill



-- 
## List details at http://lists.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
[prev in list] [next in list] [prev in thread] [next in thread]