1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How to delete mail from mail queue?

Discussion in 'E-mail Discussions' started by julzk, Oct 18, 2004.

  1. julzk

    julzk New Member

    Joined:
    Oct 8, 2004
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    Does anyone know what commands I must type to delete mail from the mail queue which is located somewhere around the /var/spool/exim/ area? Each time I goto delete mail from WHM, it takes an extreme length of time. And pushes server load average to around 11.xx from it's normal 0.x to 1.x load. I know there's a way to remove it from root access in shell quickly and easily, can anyone help me with this?

    *Reason why I must do this is because there are over 100,000 emails in the mail queue from when spam was being sent and received from the server. Now it's must better since i've managed to stop most of it. But in the mean time, please can someone help please?
     
  2. lloyd_tennison

    Joined:
    Mar 12, 2004
    Messages:
    716
    Likes Received:
    1
    Trophy Points:
    18
    If you stop exim, you can then remove all the files - but you must also remove the database/index files at /var/spool/exim/db - otherwise you will get errors. I also recommend running /scripts/mailperm as that will help clean up the mess left over.
     
  3. nickn

    nickn Member

    Joined:
    Jun 15, 2003
    Messages:
    642
    Likes Received:
    1
    Trophy Points:
    18
    Just do :

    rm /var/spool/exim/input/

    Keep exim running while you do this, that way it won't delete the directory or anything. :)
     
  4. julzk

    julzk New Member

    Joined:
    Oct 8, 2004
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    root@net1-sgstx [/var/spool/exim]# rm /var/spool/exim/input/
    rm: remove directory `/var/spool/exim/input/'? y
    rm: cannot remove directory `/var/spool/exim/input/': Is a directory
    root@net1-sgstx [/var/spool/exim]#

    I tried the above and it didn't work. I am thinking I must use the command rm -r /var/spool/exim/input/ yeah?
     
    #4 julzk, Oct 18, 2004
    Last edited: Oct 18, 2004
  5. nickn

    nickn Member

    Joined:
    Jun 15, 2003
    Messages:
    642
    Likes Received:
    1
    Trophy Points:
    18
    now run "exim -btc"

    Most emails should be gone :)
     
  6. julzk

    julzk New Member

    Joined:
    Oct 8, 2004
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    I tried the command and it didnt work
     
  7. nickn

    nickn Member

    Joined:
    Jun 15, 2003
    Messages:
    642
    Likes Received:
    1
    Trophy Points:
    18
    Sorry that should have been:

    Code:
    exim -bpc
    Typo. :)
     
  8. julzk

    julzk New Member

    Joined:
    Oct 8, 2004
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    yes, but the command to delete the input dir and contents in it?

    I tried the one you mentioned:

    rm /var/spool/exim/input/

    And it did not work. Gave me an error, I then tried it with: rm -r /var/spool/exim/input/

    and it started to work but prompted me on every email if I wanted to delete it.
     
  9. nickn

    nickn Member

    Joined:
    Jun 15, 2003
    Messages:
    642
    Likes Received:
    1
    Trophy Points:
    18
    Do "rm -rf /var/spool/exim/input/"

    As long as you keep exim running, it will *not* delete the directory.
     
  10. julzk

    julzk New Member

    Joined:
    Oct 8, 2004
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    Ok, job is done.. I have cleared the queue and things are running back to normal. The problem I am having is spam is being sent from the server and to the server. I have installed an addon to exim which has now stabalised the server and sits nicely around the 0.44 load mark. But I still have the problem where the mail queue is still being filled up fast with spam mail. How can I stop this?
     
  11. lloyd_tennison

    Joined:
    Mar 12, 2004
    Messages:
    716
    Likes Received:
    1
    Trophy Points:
    18
    Shut down the account doing the sending.

    If viruses - use an antivirus.

    What addon are you talking about?

    If above not enough, everything from SpamAssassin, etc. What kind of SPAM?
     
  12. lloyd_tennison

    Joined:
    Mar 12, 2004
    Messages:
    716
    Likes Received:
    1
    Trophy Points:
    18
    It would be a lot easier to DO stop exim and simply:

    #cd /var/spool/exim/input
    # rm -f *


    If ever worried about deleting directory simply change to it. You cannot delete the directory you are in while you are in it.
     
  13. RandyO

    RandyO Member

    Joined:
    Jun 17, 2003
    Messages:
    177
    Likes Received:
    0
    Trophy Points:
    16
    If you are dealing with a spammer on your server, now is not the time to be learning about server administration, you need to get someone that knows what they are doing and do this ASAP. You will end up either put on 1 or more RBL, have your IP's blacklisted or you could ultimately lose your server. None of these options are in your customers best interest. If you need a recommendation I have a couple really good guys I have used in the past.
     
  14. matt621

    matt621 Member

    Joined:
    Jun 25, 2003
    Messages:
    176
    Likes Received:
    0
    Trophy Points:
    16
    I don't think it's a spammer on the box he's talking about. I've had the same problem from time to time. The problem is spam bounces. Spammer sends 2000 emails to bob@domain.com, sam@domain.com, etc. Just junk. domain.com bounces them back to the originator, which bounces them back to the admin for the box.
     
  15. Host4u2

    Host4u2 Member

    Joined:
    Mar 24, 2002
    Messages:
    245
    Likes Received:
    0
    Trophy Points:
    16
    Most of the queue is probably bounces of bounces--which get frozen. In other words, mail that came to your server and failed, then your server sent it back but that failed too so it has nowhere to go. Instead of failing such messages, we resolved this same issue as follows:

    First, change all your email accounts default account to :blackhole:

    Example: to change all accounts with the default set as :fail: to :blackhole:
    The command to do this is:

    replace :blackhole: :fail: -- /etc/valiases/*
    replace /dev/null -- /etc/valiases/*

    Also, via WHM/Server Setup/Tweak Settings:
    Set Default catch-all/default address behavior for new accounts to Blackhole.

    Another thing you can do is change 'timeout_frozen_after = 7d' in exim.conf to something like 3d (days) instead of a week. This makes exim remove frozen messages after x number of days.

    We use RVskin, which also allows us to remove the ability to change the Default catch-all/default address behavior from client's Cpanel options.
     
  16. matt621

    matt621 Member

    Joined:
    Jun 25, 2003
    Messages:
    176
    Likes Received:
    0
    Trophy Points:
    16
    Yes, that's exactly what we had to do. With 1000 domains on the box, it was a major nightmare to go in and set them all to blackhole. But it did solve the problem. Also on the new box, we learned our lesson and set the deafult in WhM to :blackhole: (which wasn't an option when we put the first box on line. )

    What we (and everyone else who has this problem) need is a script or something that will change all "user_id@domain.com" (which is the default default email address) to :blackhole:. That would solve the problem instantly.
     
  17. chirpy

    chirpy Super Moderator

    Joined:
    Jun 15, 2002
    Messages:
    13,499
    Likes Received:
    14
    Trophy Points:
    38
    Location:
    Go on, have a guess
    You really should be setting them to :fail: not :blackhole:, which is not the optimal setting.

    Also, if you want to clear the exim mail queue, it's just as easy to WHM > Manage Mail Queue > Delete All Messages in Queue ;)
     
  18. chirpy

    chirpy Super Moderator

    Joined:
    Jun 15, 2002
    Messages:
    13,499
    Likes Received:
    14
    Trophy Points:
    38
    Location:
    Go on, have a guess
    ...and here's a script I just knocked up to replace all domains Default Addresses with :fail:
    Code:
    #!/usr/bin/perl
    print "Converting all domain Default Accounts to :fail: ...";
    opendir (DIR, "/etc/valiases/") or die;
    while (my $file = readdir (DIR)) {
    	if ($file =~ /^\./) {next}
    	open (IN, "</etc/valiases/$file") or die;
    	my @data = <IN>;
    	close (IN);
    	open (OUT, ">/etc/valiases/$file") or die;
    	foreach my $line (@data) {
    		if ($line =~ /^\*\:/) {
    			print OUT "*: :fail:\n";
    		} else {
    			print OUT $line;
    		}
    	}
    	close (OUT);
    }
    print "Done!\n";
    Tested fine for me. Use at your own risk. That means, backup /etc/valiases first ;)
     
  19. Host4u2

    Host4u2 Member

    Joined:
    Mar 24, 2002
    Messages:
    245
    Likes Received:
    0
    Trophy Points:
    16
    :fail: does NOT prevent replies (rejections) being froze in the queue. I know from experience first hand (after believing in :fail:) that :blackhole: is what it says... and does not send a failure notice.
     
  20. chirpy

    chirpy Super Moderator

    Joined:
    Jun 15, 2002
    Messages:
    13,499
    Likes Received:
    14
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Then there is either something wrong with your exim configuration, or you need to re-order the ACL's, because :fail: should not, and does not, generate a bounce email if it performs the verify=recipient at the RCPT stage of the SMTP protocol exchange.
     

Share This Page