Posts tagged mail server
Exim Mail Queue
Mar 8th
Like thousands of other email server administrators, we had a problem: our Exim mail server was targeted by spammers. I found that there were approximately 10000 emails residing in my mail queue. The exact number of emails in the queue can be found by running:
exim -bpc
It was a tough job to clean up the queue. I tried the “exiqgrep” command to remove the emails that were older than 1 day from the queue.
exiqgrep -o 86400 -i | xargs exim -Mrm
Here 86400 is the number of seconds in 1 day.
However, the above command was not much help; instead it kept giving me errors. I had to think calmly about how to delete all the spam. I first decided to run the command below to start additional queue runs in the background.
exim -qff &
I gave this command multiple times, so that many queue runs were going at the same time. The next step was to clear all the frozen messages from the mail queue.
exim -bpr | grep frozen | awk '{print $3}' | xargs exim -Mrm
Clearing the frozen messages was a wise decision, as the mail queue was now showing 4000 messages. The next job was to find similar messages. I checked the queue again.
exim -bpr | more
I could guess that most of the emails were 2 or 3 days old. To clear all this spam the next command was helpful: it listed the mail queue, searched for “2d” in it, took the third field, which is the message ID, and deleted all those emails.
exim -bpr | grep 2d | awk '{print $3}' | xargs exim -Mrm
The queue was under my control after clearing the emails that were two and three days old. Still, there were a couple of hundred emails in the queue. I noticed that there were many emails without a sender residing in the queue. It was very simple to clean up this spam now.
exim -bpr | grep '<>' | awk '{print $3}' | xargs exim -Mrm
Yippie… I cleared the mail queue.
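The pipelines above pick message IDs by substring, so "grep 2d" or "grep frozen" also matches a message whose ID or sender address merely contains those letters. The following is an added example, not part of the original post, that selects IDs by field instead; select_ids, naive_ids and SAMPLE_QUEUE are names made up here, and the queue listing is constructed sample data.

```shell
#!/bin/sh
# Added example: choose queue entries by field, not by substring match.
# SAMPLE_QUEUE is constructed text in the layout `exim -bpr` prints:
#   age size message-id <sender> [*** frozen ***], then recipient lines.
SAMPLE_QUEUE=' 2d  1.2K 1tAAAA-000001-AA <spam@example.com>
          victim@example.org

 5h  3.4K 1t2dBB-000002-BB <frozen.foods@example.net>
          user@example.org

 3d   800 1tCCCC-000003-CC <> *** frozen ***
          postmaster@example.org

12m  2.0K 1tDDDD-000004-DD <>
          someone@example.org'

# The substring approach: any line containing PATTERN contributes its 3rd field.
naive_ids() {
    grep -- "$1" | awk '{print $3}'
}

# select_ids MODE, where MODE is: frozen | nullsender | older:<days>
# Reads a queue listing on stdin and prints the matching message IDs.
select_ids() {
    awk -v mode="$1" '
    # Only entry header lines have an ID in field 3 and <sender> in field 4.
    $3 ~ /^[0-9A-Za-z]+-[0-9A-Za-z]+-[0-9A-Za-z]+$/ && $4 ~ /^<.*>$/ {
        unit = substr($1, length($1))            # m, h or d
        n = substr($1, 1, length($1) - 1) + 0
        if (unit == "d") days = n
        else if (unit == "h") days = n / 24
        else days = n / 1440
        frozen = ($NF == "***" && $(NF - 1) == "frozen")
        if (mode == "frozen" && frozen) print $3
        else if (mode == "nullsender" && $4 == "<>") print $3
        else if (mode ~ /^older:/ && days >= substr(mode, 7) + 0) print $3
    }'
}

# Review the selection first; on a live server the same IDs would be piped
# to the removal command the post uses: ... | select_ids frozen | xargs exim -Mrm
printf '%s\n' "$SAMPLE_QUEUE" | select_ids older:2
```

On the sample listing, naive_ids 2d and naive_ids frozen both pick up the 5-hour-old message 1t2dBB-000002-BB, which select_ids leaves alone.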
Some other useful Exim queue management commands are below:
View message header
exim -Mvh msgid
View message body
exim -Mvb msgid
Force delivery of message
exim -M msgid
View the delivery transaction of the message
exim -v -M msgid
Force another queue run
exim -qf
Force another queue run and attempt to flush the frozen message
exim -qff
View the log for the message
exim -Mvl msgid
Remove message without sending any error message
exim -Mrm messageID
Give up on the message and bounce it to the sender
exim -Mg messageID
How many mails are in the queue?
exim -bpc
How many frozen mails are in the queue?
exim -bpr | grep frozen | wc -l
Deleting frozen messages
exim -bpr | grep frozen | awk '{print $3}' | xargs exim -Mrm
To force exim update:
/scripts/eximup --force
Exim ACL
Mar 8th
We cannot stop spam completely, but we can definitely reduce the amount of spam and/or the spam attacks using some good, logical ACLs. The ACLs I found very useful are given below. I hope you will also find them useful to protect your Exim server against spam.
These are very simple ACLs. You need to edit Exim’s main configuration file: exim4.conf.template
The code should be as below.
##################################################
# MAIN CONFIGURATION SETTINGS #
##################################################
Under the main configuration, search for the ACL configuration section.
##################################################
# ACL CONFIGURATION #
# Specifies access control lists for incoming SMTP mail #
##################################################
Spammers often send the name or the IP address of your own host as the HELO argument. We can specify our own domain and IP address in an ACL to reduce this spam. My own domain is “ameyapandit.com” and my own IP is 208.113.170.151.
—————————————————————————————————————————-
acl_check_helo:
  # Accept any HELO from our own hosts
  accept
    hosts = +own_hosts
  # Deny if the HELO pretends to be this host
  deny condition = ${if or { \
      {eq {${lc:$sender_helo_name}}{ameyapandit.com}} \
      {eq {${lc:$sender_helo_name}}{208.113.170.151}} \
    } {true}{false} }
  # By default we accept
  accept
—————————————————————————————————————————-
Sender checking
We can refuse some senders, for example from some marketing companies.
acl_check_sender:
  # Deny envelope senders listed in the reject file
  deny senders = /etc/exim4/filters/sender_reject.list
  accept
—————————————————————————————————————————-