On 2015-02-05, Steve Albin <[email protected]> wrote:
>
> Hello.
>
> I tried searching the docs and the mailing list, unsuccessfully.
>
> One of the accounts on a linux server I run was hacked, and the hacker has
> sent many and now queued several hundred thousand spam emails.
>
> The disk holding exim ... /var/spool/exim ... is 100 percent full.
>
> The exim and exiqgrep commands still function, but there are so many messages
> that any attempt to form a pipe exits in error.

I use xargs with a limit of 1000

> Since I don't seem able to delete all messages from that sender, I am ready to
> delete all messages in the queue (or queues if that is the case; I am new to
> this).

    exipick --unsorted -i '$authenticated_sender eq the_bad_guy' | xargs --max-procs=20 --max-args=1000 /usr/sbin/exim -Mrm

> I can delete and re-create the directories /var/spool/exim/input and
> /var/spool/exim/msglog
> but I don't know if there is anything needed inside those directories.
>
> Any suggestions by someone knowledgeable?

There is nothing essential in /var/spool/exim. If you want to nuke
everything:

    # find /var/spool/exim -type f -delete

then restart exim.

You'll lose retry hints, but that's not a big loss.
You'll also lose undelivered emails, which may make you unpopular
with some.

--
umop apisdn

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
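Before removing by authenticated sender as in the reply above, it helps to confirm which account actually owns the backlog. The script below is an added example, not part of the original thread or of Exim; it assumes each spool header file (`*-H`) carries a `-auth_sender <address>` line in its envelope section, and the function names `queue_by_auth_sender` and `make_sample_spool` are hypothetical.

```shell
#!/bin/sh
# Tally queued messages per authenticated sender by reading Exim spool
# header files (*-H) directly instead of parsing queue listings.
# Assumption: authenticated submissions have a "-auth_sender <address>"
# line in the envelope section, which ends at the first blank line.

queue_by_auth_sender() {
    spool_input=$1
    [ -d "$spool_input" ] || { echo "no such directory: $spool_input" >&2; return 2; }
    # find copes with split spool subdirectories and huge queues: no shell
    # glob is expanded, so there is no "argument list too long" failure.
    find "$spool_input" -type f -name '*-H' -exec awk '
        function emit() { if (infile) print (sender == "" ? "(none)" : sender) }
        FNR == 1 { emit(); infile = 1; sender = ""; done = 0 }
        done { next }
        /^$/ { done = 1; next }   # message headers follow; ignore them
        $1 == "-auth_sender" { sender = $2; done = 1 }
        END { emit() }
    ' {} + |
    awk '{ n[$0]++ } END { for (s in n) print n[s], s }' | sort -rn
}

# Constructed sample spool (not real data): three messages from one
# authenticated account, one from another, one with no authentication.
make_sample_spool() {
    dir=$(mktemp -d) || return 1
    mkdir -p "$dir/input/a"
    i=0
    for who in spammer@example.test spammer@example.test spammer@example.test \
               alice@example.test ""; do
        i=$((i + 1))
        {
            printf '%s\n' "1YJtst-00000$i-AA-H" "mailuser 1001 1001" \
                          "<x@example.test>" "1423100000 0"
            if [ -n "$who" ]; then printf '%s %s\n' -auth_sender "$who"; fi
            printf '%s\n' "-received_protocol esmtpa" "XX" "1" \
                          "rcpt@example.test" "" "030F From: x@example.test"
        } > "$dir/input/a/1YJtst-00000$i-AA-H"
    done
    echo "$dir/input"
}

# Run against the constructed spool only when invoked with "demo".
if [ "${1:-}" = "demo" ]; then
    spool=$(make_sample_spool) && queue_by_auth_sender "$spool"
fi
```

On a real server the argument would be the spool's `input` directory; the output is one `<count> <sender>` line per account, busiest first.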
