If you have over 1k messages in queue and want to nuke them its best to :rip_curl said:
1 - stop chkservd from restarting exim when you stop it in step 2 (/etc/init.d/chkservd stop)
2 - stop exim (/etc/rc.d/init.d/exim stop)
3 - Nuke the queue yourself:
cd /var/spool/exim/input
You'll see a directory for every case of every letter that has a corresponding message id beginning with that letter.
just rm -rf * then re-start exim, or use a utility like find to just remove messages over xx minutes old (past 90-120 mins would be a good candidate).
Cpanel's utility removes the queue without actually taking exim down, which takes much longer and is impractical when cleaning out a huge queue (and not too load friendly either)
Even if you're removing the queue, once an hour every hour exim is going to try to deliver them. If the mail queue is huge you're better off doing it through ssh.
I wrote this a while ago and never posted it anywhere (actually forgot I had it) which can help keep exim's queue from looming too big.
Code:
#!/bin/bash
# Simple Exim Queue Cleaner
# copyrighting this would be pitiful.
# Set trip for however many minutes a queued message should be allowed to live ...
trip=120
counter=0
[ -d "/var/spool/exim/input" ] || exit 1
echo "Scanning exim's queue for messages aging at or over $(($trip +1 )) minutes."
cd /var/spool/exim/input
for message in `find ? -cmin +$trip -print`; do
if [ -f "$message" ]; then
let "counter += 1"
if [ "$1" = "--show" ]; then
echo -en "$message\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b"
fi
rm -f $message`
let "i += 1"
fi
done
let "i = $i / 2"
echo "Done. $i stale emails nuked."The above takes a --show as argv[1] to produce output as it goes, else just send to /dev/null in a cron with no arguments.
HTH
This is probably obvious, but just in case I've edited the post to add :
don't forget to restart chkservd
Last edited:
It is more important to know why your queue is large. Spammers on your server could be one reason among many others.
Agreed and I would like to add, the above stuff I posted is just the last line of defense in case you're out having drinks and some ignorant pleab fills up your mail queue.lloyd_tennison said:
An over active queue could come from :
Spammers
Hosting forums falling victim to many robot sign ups
insecure contact forms
All kinds of wonderful things. exim_mainlog will tell you what you need to know
An over active queue is symptomatic of something larger... unless you just have a REALLY full server.You really need to get an admin to look. Something is sending an enormous amount of email and all of the exim (and subsequent processes to catch all the bounces) are preventing other services from forking.rip_curl said:
I would (on a hunch) try
/usr/sbin/lsof | grep /home as root .. and look for things like email.txt , emails.txt
If that fails replace home with tmp ..
You could also try lsof -I (cap i ) and check open inet sockets to see if someone's left you a present sending emails ..
Someone is abusing your mailer. You need to find out who and null route that MX quickly or the bounced emails will continue to flood the server long after you terminate the account. Hopefully the ttl's aren't too high.
Step 1 - find them
Step 2 - Suspend them
Step 3 - Remove their MX entry right away and reload the zone.
Step 4 - 40 mins later term the account, and all should stop.
That should save you the 4 hours (default ttl) of bounced emails coming back at your server.
If this is a "nobody" spammer (i.e. not sent with anything using suexec) then just term the vhost. There shouldn't be a MX record for the server's hostname .. so once you nuke em it'll quiet down
Hope this helps
Again - I'd get an admin.
Last edited:
your toolbox for catching a spammer is going to be learning exim's log format, and seeing what you can do with lsof and grep.
try man lsof (lists open files) to see what you can do. Its a great birds eye view on what everyone has open (and what applications (like exim) are using it.
Good luck
try man lsof (lists open files) to see what you can do. Its a great birds eye view on what everyone has open (and what applications (like exim) are using it.
Good luck
| Thread starter | Similar threads | Forum | Replies | Date |
|---|---|---|---|---|
| M | Email pipe to PHP script stop working suddenly | 4 | ||
| D | How do I Stop Outgoing email suspensions | 8 | ||
| A | stopping users from deleting email | 1 | ||
| K | How to stop emails deleting from the server? | 1 | ||
| J | deleting old email forwarders doesn't stop spam | 3 |