Hello, Here is one script I use:
===== purge_courier.sh #/bin/bash USAGE="Usage: $0 STRING" if [ $# -ne 1 ] then echo "$USAGE" exit 1 fi /etc/init.d/courier-mta stop cd /var/lib/courier rgrep -l "$1" msgs/*/D* | while read DATAFILE do CTLFILE=`basename $DATAFILE | sed 's/^D/C/g'` rm $DATAFILE find msg* -name "${CTLFILE}*" | xargs --no-run-if-empty rm echo "$DATAFILE supprime" done /etc/init.d/courier-mta start exit 0 ===== enf of purge_courier.sh This script is able to clean your queue using an expression. Most of the time, I'm able to clean queues with that. HTH. Jérôme Blion. Le 2015-06-16 11:18, alan milligan a écrit : > Hi, > > I've got some nasty spammer managing to send spam via my mail server > by somehow authenticating as root (if I understand the logs > correctly): > Jun 15 22:56:04 hostname courierd: > newmsg,id=000000000034D6E2.00000000557F9043.00005D5F, auth=ROOT: dns; > User (x.x-x-x.rdns.scalabledns.com [::ffff:x.x.x.x]) > > My authdaemon (latest version: 0.66.2) is configured with pam and > ldap (LOGIN auth only): but there is *no* password set for the root > user (it's RSA identity only). It would seem quite impossible that > this user really can be authenticated as root. > > Since they are authenticated, it seems I cannot simply block the IP > via smtpaccess. > > This user has caused the mail server to be on a number of blacklists > and these spam messages (along with legitimate traffic) are filling up > mail queues with multiple failed delivery attempts. Even setting > ESMTP_BLOCKBACKSCATTER to include authsmtp/dsn in courierd (latest > version: 0.74.2) configuration isn't actually stopping this. > > Whatsmore attempting cancelmsg (and I'm getting some thousands of > these) to flush the queue is proving pointless: because of the > blacklisting no DSN is going to get through to the recipient (spoofed > that it is). It would be great if there was an additional option in > cancelmsg simply to remove the msgid from the queue - with no DSN > processing at all. I'm having to stop courier and manually delete all > the msgs/msgq files. > > Any thoughts upon how I can stop this miscreant sending mail would be > greatly appreciated. > > Alan > ------------------------------------------------------------------------------ > > _______________________________________________ > courier-users mailing list > courier-users@lists.sourceforge.net > Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users ------------------------------------------------------------------------------ _______________________________________________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users