There was a recent spam attack on a very old web server running Qmail as mail server. The mail queue rose up to 25''000 mails and the server got blacklisted. Once the responsible account was blocked, the mails in the queue had to be removed.
After some research, I figured that the qmHandle script is best used for that. Here are some examples:
Show full mail queue (this can take some time when you have several thousand mails...):
/var/qmail/bin/qmHandle -l
153341 (0, 0/153341)
Return-path: admin@xxx.ru
From: =?utf-8?B?0JzQvtC50JzQuNGA?=
To:
Subject: =?utf-8?B?0JLQsNC8INC/0L7RgNC10LrQvtC80LXQvdC00L7QstCw0LvQuA==?=
Date: Mon, 15 Apr 2013 13:47:14 +0100
Size: 2714 bytes
168695 (13, 13/168695)
Return-path: manager@example.com
From: "Example AG"
To:
Subject: =?utf-8?B?RGllIEJlemFobHVuZyBtaXQgSWhyZXIgS3JlZGl0a2FydGUgd3VyZGUgZXJmb2xncmVpY2ggZHVyY2hnZWbDvGhydC4=?=
Date: Thu, 18 Apr 2013 00:29:26 +0200
Size: 322307 bytes
Total messages: 552
Messages with local recipients: 0
Messages with remote recipients: 552
Messages with bounces: 383
Messages in preprocess: 0
Show content of message:
/var/qmail/bin/qmHandle -m153341
--------------
MESSAGE NUMBER 153341
--------------
Received: (qmail 7135 invoked by uid 399); 15 Apr 2013 12:47:29 -0000
Received: from unknown (HELO 46-65-188-25.zone16.bethere.co.uk) (user@domain.com@46.65.188.25)
by pop03.swiss-web.com with ESMTPAM; 15 Apr 2013 12:47:29 -0000
X-Originating-IP: 46.65.188.25
X-Sender: user@domain.com
Message-ID:
Reply-To: =?utf-8?B?0JzQvtC50JzQuNGA?=
From: =?utf-8?B?0JzQvtC50JzQuNGA?=
To:
Subject: =?utf-8?B?0JLQsNC8INC/0L7RgNC10LrQvtC80LXQvdC00L7QstCw0LvQuA==?=
[...]
Delete mails in queue from a certain sender (the From: part of the mail header is relevant):
/var/qmail/bin/qmHandle -fadmin@mupoxydeli.ru
Calling system script to terminate qmail...
qmail stopping OK
Looking for messages from admin@mupoxydeli.ru
Message 153309 slotted for deletion
Message 153341 slotted for deletion
Deleted 2 messages from queue
Restarting qmail...
qmail starting [ pop3 smtp submission ] OK
done (hopefully).
Show mail queue statistics:
/var/qmail/bin/qmHandle -s
Total messages: 511
Messages with local recipients: 0
Messages with remote recipients: 511
Messages with bounces: 383
Messages in preprocess: 0
Update May 14th, 2014:
Another, but unproper, way to delete mails directly in the file system. I had a case when tons of mails with destination to "bla@example.com" were stuck in the mail queue, because this mail address is a forwarding e-mail address to another external address (eg. blaexample@gmail.com). bla@example.com received hundreds of spams which were accepted by the qmail mailserver but were not accepted by the real destination mailserver (gmail in this case). Because the spams all came from different sender addresses, I couldn't use the "qmhandle -f" parameter. I deleted these mails manually:
for mailid in $(grep -rni "for <bla@example.com>" /var/qmail/queue/mess/* | awk -F: '{print $1}' | awk -F"/" '{print $7}'); do /var/qmail/bin/qmHandle -d${mailid}; done
C from wrote on Apr 21st, 2013:
/var/qmail/bin *shudder* - I had to download the .deb just to see if qmail really installs binary executables in /var, and it does. I know, not really a constructive comment, but I'm kinda amazed at how some software is being installed. Maybe /usr/lib/fstab is somewhere out there too? :-)
AWS Android Ansible Apache Apple Atlassian BSD Backup Bash Bluecoat CMS Chef Cloud Coding Consul Containers CouchDB DB DNS Database Databases Docker ELK Elasticsearch Filebeat FreeBSD Galera Git GlusterFS Grafana Graphics HAProxy HTML Hacks Hardware Icinga Influx Internet Java KVM Kibana Kodi Kubernetes LVM LXC Linux Logstash Mac Macintosh Mail MariaDB Minio MongoDB Monitoring Multimedia MySQL NFS Nagios Network Nginx OSSEC OTRS Office OpenSearch PGSQL PHP Perl Personal PostgreSQL Postgres PowerDNS Proxmox Proxy Python Rancher Rant Redis Roundcube SSL Samba Seafile Security Shell SmartOS Solaris Surveillance Systemd TLS Tomcat Ubuntu Unix VMWare VMware Varnish Virtualization Windows Wireless Wordpress Wyse ZFS Zoneminder