
Monthly Archives April 2014

Script to clear spoofed emails from email queue

The email account of one of my friends was hacked and used to send tons of spam mails. Some of the mails were sent directly from his account, while others were spoofed. There were around 50K emails in the queue.

I cleared all mails sent from him with the following command.

exiqgrep -i -f abc@abc.com | xargs exim -Mrm

where abc@abc.com is the account that was hacked.

Still, there were close to 49000 mails in the queue. I wrote the following script to clear them. It checks the auth_id field in the header section of every email in the queue and, if it matches abc@abc.com, deletes the message from the queue.

[root@abc ~]# vi script.sh

#!/bin/sh

phrase="-auth_id abc@abc.com"

for i in `exim -bp | awk '{print $3}'`
do
authid=`exim -Mvh $i | grep auth_id`
if [ "$authid" == "$ph...
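
A fuller version of this cleanup, as an added example rather than the post's own script (which is cut off above): it anchors the match on the `-auth_id` line of `exim -Mvh` output and separates listing from deletion so the matches can be reviewed first. `TARGET`, `EXIM`, `EXIQGREP`, the function names and the sample header are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not the original post's script: list, then delete, queued
# messages whose authenticated sender is the compromised account.
# TARGET, EXIM and EXIQGREP are names assumed for this example.
TARGET="${TARGET:-abc@abc.com}"    # the post's placeholder account
EXIM="${EXIM:-exim}"
EXIQGREP="${EXIQGREP:-exiqgrep}"

# Read `exim -Mvh <id>` output on stdin and print the -auth_id value.
# The match is anchored to the start of the line, so a header that merely
# mentions "auth_id" (e.g. in a Subject) is not mistaken for the field.
auth_id_of() {
    awk '/^-auth_id / { print $2; exit }'
}

# Print the id of every queued message that was authenticated as $1.
matching_ids() {
    for id in $("$EXIQGREP" -i); do
        got=$("$EXIM" -Mvh "$id" 2>/dev/null | auth_id_of)
        if [ "$got" = "$1" ]; then printf '%s\n' "$id"; fi
    done
}

# Constructed, simplified sample of -Mvh output for trying the parser offline.
sample_header() {
    cat <<'EOF'
1WaBcD-0001Xy-2Z-H
mailnull 47 12
<spoofed@example.org>
1398160000 0
-ident mailnull
-received_protocol esmtpa
-auth_id abc@abc.com
-auth_sender abc@abc.com
XX
1
victim@example.net

039  Subject: notes on the auth_id field
EOF
}

case "${1:-}" in
    --list)   matching_ids "$TARGET" ;;                         # review first
    --delete) matching_ids "$TARGET" | xargs -r "$EXIM" -Mrm ;; # -r: GNU xargs
    --sample) sample_header | auth_id_of ;;
esac
```

Run it with `--list` and check the ids before running it with `--delete`.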
