Script to clear spoofed emails from email queue

One of my friend's email accounts was hacked and was used to send tons of spam mails. Some of the mails were sent directly from his account, while others were spoofed. There were around 50K emails in the queue.

I cleared all mails sent from him with the following command.

exiqgrep -i -f abc@abc.com | xargs exim -Mrm

where abc@abc.com is the account that was hacked.

Still, there were close to 49000 mails in the queue. I wrote the following script to clear them. It basically checks the auth_id field in the header section of every email in the queue and, if it matches abc@abc.com, deletes the message from the queue.

[root@abc ~]# vi script.sh

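#!/bin/sh
# Remove every queued message that was submitted with the compromised
# account's SMTP AUTH identity, whatever From address it carries.

phrase="-auth_id abc@abc.com"

# exim -bp prints the message ID as the third field of each entry's first line
for i in $(exim -bp | awk '{print $3}')
do
    # exim -Mvh prints the spool header file, which records the authenticated ID
    authid=$(exim -Mvh "$i" | grep '^-auth_id ')
    if [ "$authid" = "$phrase" ]
    then
        exim -Mrm "$i"
    fi
done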

Save and close the file and provide executable permission.

[root@abc ~]# chmod +x script.sh

[root@abc ~]# sh script.sh

Try it !!!
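
Before removing tens of thousands of messages it helps to list what the auth_id test would match. The following dry-run sketch is an added example, not part of the original post: the function names, the HDR_CMD variable and the sample queue entries are assumptions made for illustration, and it goes slightly beyond the script above by ignoring everything after the envelope section of the spool header file.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and HDR_CMD are
# this example's own; the sample queue below is constructed.

# Print one message's spool header file. Live default: exim -Mvh <id>.
show_headers() { ${HDR_CMD:-exim -Mvh} "$1" < /dev/null; }

# Read a spool header file on stdin and print its -auth_id value, if any.
# Parsing stops at the first blank line, so message headers are never read.
auth_id_of() {
    awk '/^$/ { exit } /^-auth_id / { print substr($0, 10); exit }'
}

# Read message IDs on stdin; print those whose auth_id is exactly $1.
match_auth_id() {
    while read -r id; do
        [ -n "$id" ] || continue
        if [ "$(show_headers "$id" | auth_id_of)" = "$1" ]; then
            echo "$id"
        fi
    done
}

# Constructed stand-in for the queue (abbreviated spool header layout).
sample_headers() {
    case "$1" in
    1aAAAA-000001-AA)   # spoofed From, but authenticated as abc@abc.com
        printf '%s\n' "$1-H" '<info@example.net>' '-auth_id abc@abc.com' \
            'XX' '1' 'x@example.org' '' '030F From: info@example.net' ;;
    1aAAAB-000002-BB)   # submitted by a different authenticated account
        printf '%s\n' "$1-H" '<bob@example.org>' '-auth_id bob@example.org' \
            'XX' '1' 'y@example.org' '' '028F From: bob@example.org' ;;
    1aAAAC-000003-CC)   # no auth_id; the string only appears in the Subject
        printf '%s\n' "$1-H" '<root@example.org>' '-local' \
            'XX' '1' 'z@example.org' '' '040  Subject: -auth_id abc@abc.com' ;;
    1aAAAD-000004-DD)   # near miss: longer ID that starts with the target
        printf '%s\n' "$1-H" '<c@example.org>' '-auth_id abc@abc.com.example' \
            'XX' '1' 'w@example.org' '' '026F From: c@example.org' ;;
    esac
}

sample_ids() { printf '%s\n' 1aAAAA-000001-AA 1aAAAB-000002-BB 1aAAAC-000003-CC 1aAAAD-000004-DD; }

# Dry run against the sample. On a live server, leave HDR_CMD unset and feed
# real IDs instead:  exiqgrep -i | match_auth_id abc@abc.com
HDR_CMD=sample_headers
sample_ids | match_auth_id abc@abc.com
```

Only the IDs printed by the dry run would be candidates for exim -Mrm; reviewing a few of them with exim -Mvh first confirms the match is the compromised account and nothing else.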

2 comments to Script to clear spoofed emails from email queue

  • Jeen  says:

    Amazing….

  • deutschland trikot 2014  says:

    deutschland trikot 2014

    Pretty nice post. I just stumbled upon your blog and wanted to say that I’ve really enjoyed browsing your blog posts. After all I’ll be subscribing to your rss feed and I hope you write again soon!
