postfix-users October 2010 archive

Re: can withholding mails ( postsuper -h ... ) help with tens of thousands of spam mails hogging mailq

From: Reinaldo de Carvalho <reinaldoc_at_nospam>
Date: Fri Oct 22 2010 - 02:52:17 GMT
To: sunhux G <sunhux@gmail.com>

On Thu, Oct 21, 2010 at 10:36 PM, sunhux G <sunhux@gmail.com> wrote:
>
> Question1:
> --------------
> Title: tens of thousands of spoof/spam mails hog up mailq :
> will 'postsuper -h' placed in a crontab help ?
>
> I have a case where tens of thousands of spam & spoof emails jammed up my
> Linux SMTP mail queue (not that I don't have an anti-spam policy but many
> of these mails are innocently/accidentally blasted over by internal
> colleagues):
> mailq | grep MAILER | wc -l ==> tens of thousands
>
> This caused genuine emails (which is usually a couple hundreds only)
> to queue up & not being processed because it will take forever
> to scan from the top to the end of the mailq with tens of thousands
> of emails.
>
> However, I don't want to delete away those spam/spoof mails, just
> want to move them to somewhere else (say another queue) so that I
> can review & in case there are genuine ones, I'll redeliver them
> later.
>
> I thought of:
> mailq | grep -i mailer | awk '{print ($1)}' | grep -v "@" > listofsuspectmails.txt
>
> for each queue id or mail entry id in listofsuspectmails.txt, I'll do a
> postsuper -h entry_id
> to hold the suspect email & after reviewing if I want to release, issue
> postsuper -H entry_id
>
> Question is :
> are the 'held' mails still something that will be scanned (& thus
> prolonged the scan time) or scanning of mail queue will skip
> 'withheld' mails? If I have 100000 'withheld' emails & they're still
> being scanned, it will defeat this purpose of me withholding the
> mails.
>
> Currently we manually do a " postsuper -d entry_id " to delete away
> emails (which can be automated with a Shell script but I don't want
> to automate deletion as we may delete possibly genuine emails) after
> examining the emails
>
>
> 2nd question:
> ------------------
> Title : Linux OS files that hold postfix incoming & outgoing mails
>
> Does anyone know the equivalent of sendmail's /var/spool/mqueue and
> .../clientqueue files in postfix?
>
> I plan to use a script to extract out the 'withheld' postfix mails, sieve
> through it & generate out a list of 'withheld' mails to be deleted. Then
> use a looping Shell script to read thru this list to 'postsuper -d' to
> delete away these 'withheld' mails. I would like to take a backup of these
> files first, delete the 'withheld' mails & just in case I regret the
> decision later, I can restore back the mail or mail queue files to recover
> them back.
>
>
>

1. You are a backscatter (e.g. accepting email to unknown users).

2. Or some account has been compromised and used to send spam.

3. Look at this queue GUI: http://sourceforge.net/dbimage.php?id=215498
(korreio.sf.net)

--
Reinaldo de Carvalho
http://korreio.sf.net
http://python-cyrus.sf.net

"While not fully understand a software, don't try to adapt this software to the way you work, but rather yourself to the way the software works" (myself)
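
The hold-and-review procedure described in the quoted question, as an added example that is not part of the original thread: it selects queue IDs by the sender column of `mailq` instead of grepping whole lines, and skips entries that are already held. The function names, the sample listing and the assumption that the suspect messages are those with envelope sender MAILER-DAEMON are illustrative; `postsuper -h -` reads queue IDs from standard input.

```shell
#!/bin/sh
# Added example, not from the thread. Sample queue listing below is constructed.

# Print queue IDs of messages whose envelope sender is MAILER-DAEMON
# (bounces) and that are not already on hold. Reads mailq output on stdin.
suspect_ids() {
    awk '
        # Entry lines start in column 1 with the queue ID, optionally
        # suffixed "*" (active queue) or "!" (hold queue); the sender is
        # field 7. Reason and recipient lines are indented or start with "(".
        $0 ~ /^[0-9A-Za-z]/ && $1 ~ /^[0-9A-Za-z]+[*!]?$/ && NF >= 7 {
            id = $1
            if (id ~ /!$/) next            # already held, nothing to do
            sub(/\*$/, "", id)             # strip the active-queue marker
            if ($7 == "MAILER-DAEMON") print id
        }'
}

# Hypothetical wrapper: keep the list for review, then hold every listed ID.
# "postsuper -h -" reads queue IDs from standard input.
hold_suspects() {
    mailq | suspect_ids | tee listofsuspectmails.txt | postsuper -h -
}

# Constructed mailq output for an offline run.
sample_mailq() {
    cat <<'EOF'
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
A1B2C3D4E5     2417 Thu Oct 21 22:10:03  MAILER-DAEMON
(connect to mx.example.net[192.0.2.10]:25: Connection timed out)
                                         someone@example.net

F6E5D4C3B2*    1893 Thu Oct 21 22:11:47  alice@example.com
                                         bob@example.org

0123456789!    2201 Thu Oct 21 22:12:30  MAILER-DAEMON
                                         carol@example.net

C0FFEE1234*    3050 Thu Oct 21 22:13:02  MAILER-DAEMON
                                         dave@example.org

-- 9 Kbytes in 4 Requests.
EOF
}

sample_mailq | suspect_ids
```

After review, the saved list can be fed back with `postsuper -H - < listofsuspectmails.txt` to release the messages, or with `postsuper -d -` to delete them.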