One of my servers has once again been had by the unwashed idiots who like sending spam and have left me with a fairly significant mail queue to try and clear out.
The last time this happened there were 200,000 mails in the queue totalling a couple of gig so on that occasion I decided to remove the queue and create a new one. I didn't write that one up but maybe I ought to at some point. Because this issue seems to be a little more manageable (a mear 18,000 and 300mb) I have decided to try and clear things up rather than create a new queue.
The most important thing to do in this situation (IMHO) is to stop the server from sending spam out, identify the source of the issue which has allowed someone to send the spam then "fix" the queue. This write up assumes that the first 2 items have been dealt with.
As always with the stuff I put here, it worked for me, your milage may vary.
The first thing to do is find some pattern to search for in order to clean the crap from your queue;
cd /var/qmail/queue/mess/0
ls
This will give you a load of files with numeric ids, pick a few at random and
less <filename>
Look through and see if there is anything that looks out of place (like it's spam). In this particular instance (as I write this up)I found most of the spam had one of the following strings in it;
Subject: Exception Notification
Subject: Logistics Delivery Notification
Subject: Mail Notification Service
The problem had been caused by a crap php "contact us" page so a large amount of the mail appeared to come from anonymous@myservername.com. So I ran the following line first with the anonymous email address as the string then with 'Notification' as the string. I fully intending to go back in and see what was left;
find -type f -exec grep -q 'YOUR_STRING_HERE' '{}' \; -exec rm -f '{}' \;
It turns out however that this only left me with 41 emails in the queue so I decided not to bother.
Just for reference this line should give you the current length of your mail queue.
/var/qmail/bin/qmail-qstat
logs are at
/usr/local/psa/var/log/maillog
/usr/local/psa/var/log/smtp_pendings.log
GW
No comments:
Post a Comment