
Sometimes a user or a domain might be hijacked. The most common use of hijacked accounts is to send spam. After dealing with the account itself, you may find that there is a queue of hundreds or maybe thousands (in my case I got a record of 108K mails in queue) of mails waiting to be sent. How do you remove them without deleting legit mails from the queue? Simple.
First we get a list of the mails in queue:
    exim -bp
You will get an output like:
    [root@server]# exim -bp
     2h  2.5M 1YEeeo-001MGK-TX <xxx@xxx.com>
              xxx@xxx.com

     2h  2.3M 1YEesn-001UUH-Ou <normal@email.com>
              some@mail.com
So we need to grep the evil mails. exiqgrep reads the queue itself and does not filter what is piped into it, so match the sender with its -f option:

    exiqgrep -i -f "evil@mail.here"

Now you have a list of all the mail IDs that need to be deleted. Just delete them using the same command plus xargs:

    exiqgrep -i -f "evil@mail.here" | xargs exim -Mrm
That’s it.
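An added example, not part of the original post: before deleting, it helps to see which senders fill the queue and to check exactly which IDs a sender match selects. The function names and the sample listing are constructed for illustration, and the parsing assumes the default `exim -bp` layout shown above (age, size, ID, `<sender>` on the header line).

```shell
#!/bin/sh
# Both functions read `exim -bp` output on stdin, so they can be
# checked against a saved listing before touching the live queue.

# Print "count <sender>" per envelope sender, busiest first.
queue_senders() {
    awk '$3 ~ /^[A-Za-z0-9]+-[A-Za-z0-9]+-[A-Za-z0-9]+$/ && $4 ~ /^<.*>$/ {
             n[$4]++
         }
         END { for (s in n) print n[s], s }' | sort -rn
}

# Print IDs of messages whose envelope sender is exactly $1.
# Recipient lines and look-alike senders are not matched.
queue_ids_from() {
    awk -v want="<$1>" 'tolower($4) == tolower(want) &&
        $3 ~ /^[A-Za-z0-9]+-[A-Za-z0-9]+-[A-Za-z0-9]+$/ { print $3 }'
}

# Constructed sample listing (addresses and the last two IDs are made up).
sample_queue() {
cat <<'EOF'
 2h  2.5M 1YEeeo-001MGK-TX <evil@mail.here>
          victim1@example.net

 2h  2.3M 1YEesn-001UUH-Ou <normal@email.com>
          evil@mail.here

 1h  1.1K 1YEfab-001XYZ-Aa <evil@mail.here> *** frozen ***
          victim2@example.net

 1h  1.0K 1YEfac-001XYZ-Bb <notevil@mail.here>
          some@mail.com
EOF
}

# Dry run on the sample: who is filling the queue, and what would be removed.
sample_queue | queue_senders
sample_queue | queue_ids_from evil@mail.here

# On a live server (not run here):
#   exim -bp | queue_senders | head
#   exim -bp | queue_ids_from evil@mail.here | xargs exim -Mrm
```

In the sample, the message from normal@email.com addressed to evil@mail.here and the one from notevil@mail.here are both left alone.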