Delete all mail by auth_id?

Discussion in 'E-mail Discussions' started by osirion, Sep 27, 2015.

  1. osirion

    Hi guys,
    Every now and then a cPanel or mailbox account gets compromised, sending tons of 'authorised mail'. Once detected, a way (apparently) to delete all the mail by an auth_id is:
    find /var/spool/exim/input -name "*-H" -exec grep -q "-auth_id AUTHID" {} \; -print | while read MSG; do exim -Mrm $(basename ${MSG%-H}); done
    However, when I run this, I get the following output:
    grep: invalid option -- 't'
    Usage: grep [OPTION]... PATTERN [FILE]...
    Try 'grep --help' for more information.

    This output repeats many times (I am assuming it's repeating for each mail currently in the queue). What am I doing wrong?

    PS: I know how to delete mail 'from' someone or 'to' someone, but that isn't sufficient because malware generally uses spoofed addresses, hence the need to do it by the compromised auth_id.
     
  2. Jcats

    You just need to escape the dash in -auth_id
    Code:
    "\-auth_id AUTHID"
    Should do the trick
     
  3. osirion

    Thanks - I'll give that a shot :)
     
  4. cPanelMichael

  5. osirion

    Seemed to work well, had to use it a couple of days ago. Seemed to only delete mail by specified auth_id, but I didn't verify it 100%. After running the command, I checked my queue and it was its 'usual size' of about 90; before the command it was 5000+.
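
A more defensive form of the command discussed in this thread, added here as an example and not taken from any poster or from cPanel: it matches the `-auth_id` line exactly and, by default, only prints the `exim -Mrm` commands so the selection can be reviewed before anything is deleted. The function names, the `DRY_RUN` variable and the sample spool files are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example. A grep pattern that begins with '-' is parsed as options
# (the "invalid option" error in the thread); -e marks it as the pattern.

# Print the IDs of queued messages whose -H file has the exact line
# "-auth_id <id>".  $1 = auth id, $2 = spool dir (default: thread's path).
list_by_auth_id() {
    spool=${2:-/var/spool/exim/input}
    # -F fixed string ('.' in the id is literal), -x whole line only
    # ("bob" does not select "bobby"), -l print each matching file once.
    find "$spool" -type f -name '*-H' \
        -exec grep -lFx -e "-auth_id $1" {} + |
    while IFS= read -r hfile; do
        id=${hfile##*/}            # drop the directory part
        printf '%s\n' "${id%-H}"   # drop the -H suffix -> message ID
    done
}

# Remove the selected messages. DRY_RUN defaults to 1: only print the
# exim commands so the selection can be reviewed before deleting.
purge_by_auth_id() {
    list_by_auth_id "$1" "$2" | while IFS= read -r id; do
        if [ "${DRY_RUN:-1}" = 1 ]; then
            printf 'exim -Mrm %s\n' "$id"
        else
            exim -Mrm "$id"
        fi
    done
}

# Constructed sample spool (abridged, made-up -H files) for offline testing.
make_demo_spool() {
    d=$(mktemp -d) && mkdir "$d/a" "$d/b" || return 1
    printf '%s\n' '1aAAAA-000001-AA-H' 'mailnull 47 12' '<x@example.com>' \
        '-auth_id bob' '-received_protocol esmtpa' > "$d/a/1aAAAA-000001-AA-H"
    printf '%s\n' '1aBBBB-000002-BB-H' 'mailnull 47 12' '<x@example.com>' \
        '-auth_id bobby' > "$d/b/1aBBBB-000002-BB-H"
    printf '%s\n' '1aCCCC-000003-CC-H' 'mailnull 47 12' '<y@example.com>' \
        '-auth_id bob' > "$d/b/1aCCCC-000003-CC-H"
    printf '%s\n' "$d"
}
```

`exim -Mvh <id>` shows a queued message's header file, which is a quick way to spot-check the printed IDs before rerunning with `DRY_RUN=0`.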
     
  6. cPanelMichael
