
BIS

Technical User
Jun 1, 2001
1,893
NL
Hallo All,

Seems I am under some sort of dictionary attack.

# qmailctl stat
/service/qmail-send: up (pid 468) 24026 seconds
/service/qmail-send/log: up (pid 469) 24026 seconds
/service/qmail-smtpd: up (pid 470) 24026 seconds
/service/qmail-smtpd/log: up (pid 475) 24026 seconds
/service/qmail-pop3d: up (pid 477) 24026 seconds
/service/qmail-pop3d/log: up (pid 478) 24026 seconds
messages in queue: 46632
messages in queue but not yet preprocessed: 0

I have a ton of messages in the queue. I have tried

qmailctl flush
qmailctl doqueue

Both inform me that

Sending ALRM signal to qmail-send.

But after this nothing happens. Could anyone enlighten me as to how I can flush this queue?


Many thanks for any ideas you might provide me.


 
BIS, bummer man.
I cleaned up one of these for a customer a few months ago. Not a big deal, but not fun...

Here's my methodology:
1) get your hands on two queue mgt tools:
(may need to compile)

2) Shut down all qmail services; it just makes it easier.
3) Do a little grepping in /var/qmail/queue/mess/* to find a string that you think is representative of the messages that are fouling your queue.
4) Try running qmail-remove (with qmail offline!) (remember to DELETE!)
5) You should see the queue decreased afterwards.

Notes: There are cases where qmailctl will not properly shut down the qmail-send daemons. In this case, you should "ps waux" for them to assure that they are off, otherwise use "svc -d" and then even "killall qmail-send" to rid them from your process tree. Otherwise, my experience is that the qmail-remove program doesn't delete as expected. Not erroneously, just not at all or not enough.

I'd be delighted to chat with you offline, my friend.
Best of luck!
Dave.




D.E.R. Management - IT Project Management Consulting
 
Also, be sure that you've disabled your double-bouncing and that your anti-virus engine is moving viruses to quarantine or /dev/null without ANY further email being processed on that message. Otherwise, the attack will potentially continue to fill your queue.

:)



D.E.R. Management - IT Project Management Consulting
 
Oh, and sorry. The qmail-remove instructions should have a few caveats:

1) Choose matching strings as uniquely as you can to the spam. Don't choose stuff in headers, use it from content and forecast where you might overlap with legitimate content.

2) Run this several times for the various strings. Don't try to get 99% on the first run, chip away. Runs faster, stays sharper on the string matching criteria.

You probably thought of that, but it's worth putting in the thread for others.

D.E.R. Management - IT Project Management Consulting
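
A dry run for the grepping step and the "content, not headers" caveat above, as an added example that is not part of the original posts: it counts and lists queued messages whose body contains a fixed string and deletes nothing. The function names and the sample queue are constructed for illustration, and the `mess/<subdir>/<file>` layout is an assumption about a stock qmail queue.

```shell
#!/bin/sh
# Added example: forecast how many queued messages a string would hit,
# matching only the message BODY. Run with qmail stopped. Nothing is deleted.

# body_matches FILE STRING: exit 0 if STRING occurs after the first blank line.
body_matches() {
    NEEDLE=$2 awk '
        body && index($0, ENVIRON["NEEDLE"]) { found = 1; exit }
        /^$/ { body = 1 }          # first blank line ends the headers
        END  { exit(found ? 0 : 1) }
    ' "$1"
}

# scan_queue MESSDIR STRING: prints "matched total"; matching paths go to stderr.
scan_queue() (
    matched=0 total=0
    for f in "$1"/*/*; do
        [ -f "$f" ] || continue
        total=$((total + 1))
        if body_matches "$f" "$2"; then
            matched=$((matched + 1))
            printf '%s\n' "$f" >&2
        fi
    done
    printf '%s %s\n' "$matched" "$total"
)

# make_sample_queue: builds a small constructed queue and prints its path.
make_sample_queue() {
    q=$(mktemp -d) || return 1
    mkdir "$q/0" "$q/1"
    printf 'From: a@example.test\nSubject: hi\n\nbuy constructed-spam-marker now\n' > "$q/0/1001"
    printf 'From: b@example.test\nSubject: re: constructed-spam-marker report\n\nquarterly numbers\n' > "$q/1/1002"
    printf 'From: c@example.test\nSubject: lunch\n\nnoon?\n' > "$q/1/1003"
    echo "$q"
}

# Usage: script MESSDIR STRING  (e.g. /var/qmail/queue/mess 'some phrase').
# With no arguments it runs against the constructed sample queue.
if [ "$#" -eq 2 ]; then
    scan_queue "$1" "$2"
else
    sample=$(make_sample_queue)
    scan_queue "$sample" "constructed-spam-marker"
    rm -rf "$sample"
fi
```

A string that matches nearly the whole queue, or that appears in a message you recognise as legitimate in the listed paths, is too broad; pick a narrower one and rerun before removing anything.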
 
thedaver,

Thank you!

I don't know why, but I had completely forgotten about qmail-remove and qmHandle.

Anyway,
Cleared out about 45000 mails from yahoo.com.tw and yahoo.com.hk

All is good now.

Thanks again.
 