Hello,

Here is one script I use:

===== purge_courier.sh
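#!/bin/bash
# Remove every queued message whose data file contains STRING.

USAGE="Usage: $0 STRING"

if [ $# -ne 1 ]
then
         echo "$USAGE"
         exit 1
fi

# Stop the MTA so the queue does not change while files are removed.
/etc/init.d/courier-mta stop
# If the queue directory is missing, restart the MTA and delete nothing.
cd /var/lib/courier || { /etc/init.d/courier-mta start; exit 1; }
# Data files are msgs/*/D*; list the ones that contain STRING.
grep -rl -- "$1" msgs/*/D* | while read -r DATAFILE
do
   # The control file has the same name with C in place of the leading D.
   CTLFILE=$(basename "$DATAFILE" | sed 's/^D/C/')
   rm -- "$DATAFILE"
   find msg* -name "${CTLFILE}*" -print0 | xargs -0 --no-run-if-empty rm --
   echo "$DATAFILE supprime"
done
/etc/init.d/courier-mta start
exit 0
===== end of purge_courier.sh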

This script is able to clean your queue using an expression.
Most of the time, I'm able to clean queues with that.

HTH.
Jérôme Blion.




On 2015-06-16 11:18, alan milligan wrote:
> Hi,
> 
>  I've got some nasty spammer managing to send spam via my mail server
> by somehow authenticating as root (if I understand the logs
> correctly):
>  Jun 15 22:56:04 hostname courierd:
> newmsg,id=000000000034D6E2.00000000557F9043.00005D5F, auth=ROOT: dns;
> User (x.x-x-x.rdns.scalabledns.com [::ffff:x.x.x.x])
> 
>  My authdaemon (latest version: 0.66.2) is configured with pam and
> ldap (LOGIN auth only): but there is *no* password set for the root
> user (it's RSA identity only). It would seem quite impossible that
> this user really can be authenticated as root.
> 
>  Since they are authenticated, it seems I cannot simply block the IP
> via smtpaccess.
> 
>  This user has caused the mail server to be on a number of blacklists
> and these spam messages (along with legitimate traffic) are filling up
> mail queues with multiple failed delivery attempts. Even setting
> ESMTP_BLOCKBACKSCATTER to include authsmtp/dsn in courierd (latest
> version: 0.74.2) configuration isn't actually stopping this.
> 
> What's more, attempting cancelmsg (and I'm getting some thousands of
> these) to flush the queue is proving pointless: because of the
> blacklisting no DSN is going to get through to the recipient (spoofed
> that it is). It would be great if there was an additional option in
> cancelmsg simply to remove the msgid from the queue - with no DSN
> processing at all. I'm having to stop courier and manually delete all
> the msgs/msgq files.
> 
> Any thoughts upon how I can stop this miscreant sending mail would be
> greatly appreciated.
> 
> Alan
> ------------------------------------------------------------------------------
> 
> _______________________________________________
> courier-users mailing list
> courier-users@lists.sourceforge.net
> Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
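
An added example, not part of either message in this thread: before purging the queue it helps to know which authenticated identity and client address the `newmsg` entries come from. The function below tallies them from syslog lines shaped like the one quoted above; that line shape is an assumption drawn from that single log line, and the sample lines, host names and addresses are constructed.

```shell
#!/bin/bash
# Added example: tally courierd "newmsg" lines by authenticated identity
# and client address. Assumed line shape (from the single line in the thread):
#   ... courierd: newmsg,id=<id>, auth=<identity>: dns; <helo> (<rdns> [<addr>])

auth_tally() {
    # stdin: syslog lines; stdout: "<count> <identity> <addr>", busiest first.
    awk '
        /courierd: newmsg,id=/ && / auth=/ {
            ident = $0
            sub(/.* auth=/, "", ident)   # drop everything up to the identity
            sub(/:.*/, "", ident)        # identity ends at the first colon
            addr = "-"
            if ($0 ~ /\[.*\]/) {
                addr = $0
                sub(/.*\[/, "", addr)    # keep text after the last "["
                sub(/\].*/, "", addr)    # and before the closing "]"
            }
            count[ident " " addr]++
        }
        END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2
}

sample_log() {
    # Constructed sample lines; hosts and addresses are documentation values.
    cat <<'EOF'
Jun 15 22:56:04 mail courierd: newmsg,id=0000000000000001.0000000000000001.00000001, auth=ROOT: dns; User (host1.example.net [::ffff:192.0.2.10])
Jun 15 22:56:09 mail courierd: newmsg,id=0000000000000002.0000000000000002.00000002, auth=ROOT: dns; User (host1.example.net [::ffff:192.0.2.10])
Jun 15 22:57:12 mail courierd: newmsg,id=0000000000000003.0000000000000003.00000003, auth=ROOT: dns; User (host1.example.net [::ffff:192.0.2.10])
Jun 15 22:58:30 mail courierd: newmsg,id=0000000000000004.0000000000000004.00000004, auth=alice: dns; laptop (host2.example.org [::ffff:198.51.100.7])
Jun 15 22:59:41 mail courierd: newmsg,id=0000000000000005.0000000000000005.00000005, dns; mx (host3.example.com [::ffff:203.0.113.5])
EOF
}

sample_log | auth_tally
```

On a live system, pipe the mail log into `auth_tally` in place of `sample_log`; lines without an `auth=` field are skipped.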
