Ted Cooper wrote: > On Wed, 2009-11-25 at 10:09 -0800, chuza wrote: >> I am managing a cPanel server where someone has uploaded a script that >> flooded the queue with spam messages. There are currently around 10000 >> messages in the queue and each msg ID has a random sending address and >> different sending domains but recipient addresses have a pattern. All >> recipient addresses are @mail.ru addresses. >> I do not want to flush the entire queue since there are valid emails as >> well, can anybody tell me a command that will remove all emails from the >> queue sent to @mail.ru addresses. > > Never used it before but a "man exipick" gave me the answer pretty quick > > exipick -i '$each_recipients = mail.ru' | exgars exim -Mrm > > Possibly. I don't actually have anything in a queue to test it on. > > You might might want to look into ratelimit on submissions to prevent > the situation again. > >
Presuming none of the 'legitimate' messages are for @mail.ru, I'd be sore tempted to stop the queue runner, add a manual route to /dev/null for that domain.tld, restart exim, and let nature take its course at its own sweet pace. Meanwhile, back at the ranch - disable response to such scripts, require any client who thinks they need one to vet it with mailadmin / sysadmin first....or something similarly clue-bat-ish that lets you regain control at the input side instead of the output side. Bill -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
