Sometimes a user or a domain might be hijacked. The most common use of hijacked accounts is to send spam. After dealing with the account itself, you may find that there is a queue of hundreds or maybe thousands (in my case I got a record of 108K mails in queue) of mails waiting to be sent. How do you remove them without deleting legit mails from the queue? Simple.
First we get a list of the mails in queue:
exim -bp
You will get an output like:
[root@server]# exim -bp
 2h  2.5M 1YEeeo-001MGK-TX <email@example.com>
          firstname.lastname@example.org

 2h  2.3M 1YEesn-001UUH-Ou <email@example.com>
          firstname.lastname@example.org
So we need to pick out the evil mails. exiqgrep reads the queue itself rather than standard input, so the address goes in its -f (sender) option instead of in a grep placed in front of it:
exiqgrep -i -f "email@example.com"
Now you have a list of all the message IDs that need to be deleted. Just delete them using the same command plus xargs exim -Mrm:
exiqgrep -i -f "email@example.com" | xargs exim -Mrm
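An added example, not part of the original post: two shell functions that read `exim -bp` output on stdin, one to count queued mails per envelope sender and one to list the IDs for exactly one sender, so you can review what will be removed first. The function names and the third entry of the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: inspect `exim -bp` output before removing anything.
# Both functions read a queue listing on stdin, so they work on a saved
# listing as well as on a live `exim -bp`.

# Print "<count> <sender>" for every envelope sender, busiest first.
queue_senders() {
    awk '
    {   # A message header line has an ID field followed by <sender>.
        for (i = 1; i < NF; i++)
            if ($i ~ /^[0-9A-Za-z]+-[0-9A-Za-z]+-[0-9A-Za-z]+$/ &&
                $(i+1) ~ /^<.*>$/) { count[$(i+1)]++; break }
    }
    END { for (s in count) print count[s], s }' | sort -k1,1nr -k2
}

# Print the IDs of messages whose envelope sender is exactly $1.
# Recipient lines are ignored, so mail addressed TO that account stays.
ids_from_sender() {
    awk -v want="<$1>" '
    {
        for (i = 1; i < NF; i++)
            if ($i ~ /^[0-9A-Za-z]+-[0-9A-Za-z]+-[0-9A-Za-z]+$/ &&
                $(i+1) == want) { print $i; break }
    }'
}

# Constructed sample listing (not from a real server). The third mail
# is legitimate inbound mail to the hijacked account.
sample_queue() {
    cat <<'EOF'
 2h  2.5M 1YEeeo-001MGK-TX <email@example.com>
          firstname.lastname@example.org

 2h  2.3M 1YEesn-001UUH-Ou <email@example.com>
          firstname.lastname@example.org

 5m  1.2K 1YEfaa-001ZZZ-Ab <other@example.net>
          email@example.com
EOF
}

# On a live server:
#   exim -bp | queue_senders | head
#   exim -bp | ids_from_sender email@example.com | xargs exim -Mrm
```

A plain grep for the address would also match the third mail, because the address appears there as a recipient.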