Hello,
Here is one script I use:
===== purge_courier.sh
#/bin/bash
USAGE="Usage: $0 STRING"
if [ $# -ne 1 ]
then
echo "$USAGE"
exit 1
fi
/etc/init.d/courier-mta stop
cd /var/lib/courier
rgrep -l "$1" msgs/*/D* | while read DATAFILE
do
CTLFILE=`basename $DATAFILE | sed 's/^D/C/g'`
rm $DATAFILE
find msg* -name "${CTLFILE}*" | xargs --no-run-if-empty rm
echo "$DATAFILE supprime"
done
/etc/init.d/courier-mta start
exit 0
===== enf of purge_courier.sh
This script is able to clean your queue using an expression.
Most of the time, I'm able to clean queues with that.
HTH.
Jérôme Blion.
Le 2015-06-16 11:18, alan milligan a écrit :
> Hi,
>
> I've got some nasty spammer managing to send spam via my mail server
> by somehow authenticating as root (if I understand the logs
> correctly):
> Jun 15 22:56:04 hostname courierd:
> newmsg,id=000000000034D6E2.00000000557F9043.00005D5F, auth=ROOT: dns;
> User (x.x-x-x.rdns.scalabledns.com [::ffff:x.x.x.x])
>
> My authdaemon (latest version: 0.66.2) is configured with pam and
> ldap (LOGIN auth only): but there is *no* password set for the root
> user (it's RSA identity only). It would seem quite impossible that
> this user really can be authenticated as root.
>
> Since they are authenticated, it seems I cannot simply block the IP
> via smtpaccess.
>
> This user has caused the mail server to be on a number of blacklists
> and these spam messages (along with legitimate traffic) are filling up
> mail queues with multiple failed delivery attempts. Even setting
> ESMTP_BLOCKBACKSCATTER to include authsmtp/dsn in courierd (latest
> version: 0.74.2) configuration isn't actually stopping this.
>
> Whatsmore attempting cancelmsg (and I'm getting some thousands of
> these) to flush the queue is proving pointless: because of the
> blacklisting no DSN is going to get through to the recipient (spoofed
> that it is). It would be great if there was an additional option in
> cancelmsg simply to remove the msgid from the queue - with no DSN
> processing at all. I'm having to stop courier and manually delete all
> the msgs/msgq files.
>
> Any thoughts upon how I can stop this miscreant sending mail would be
> greatly appreciated.
>
> Alan
> ------------------------------------------------------------------------------
>
> _______________________________________________
> courier-users mailing list
> [email protected]
> Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
------------------------------------------------------------------------------
_______________________________________________
courier-users mailing list
[email protected]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
