Delete spam mails from queue

[sandiphw]

Hi,

Recently we are receving thousands of spam mails in the morning which chokes our mail delivery system. All these goes to deffered queue. I need to flush the queue to put those in active queue but it takes 2/3 hours to clear the queue.

How can I delete all those spam mails from the queue? The examples of these mails are :

B665819918A0* 4469 Fri Mar 7 09:12:16 MAILER-DAEMON
Kyung-0flounce@holtecnet.com

0AB681991990* 4385 Fri Mar 7 09:12:30 MAILER-DAEMON
wallace-0erans@holtecnet.com

EF2A919913A7* 4537 Fri Mar 7 09:12:24 MAILER-DAEMON
0etadpu1983@holtecnet.com

25D72199144D* 4404 Fri Mar 7 09:12:51 MAILER-DAEMON
0ngila1953@holtecnet.com

All email-ids are unique, so I cann't delete by user id. There must be some command to delete all those mails at a time which is from MAILER-DAEMON which I donn't know.

Any help/ suggestion regarding this will be highly appreciated.

Sandip

[dwmtractor]

Sandip,

I don't know if it's possible to do what you're asking, but I have a more systemic question for you--why are these messages building up in your queue anyway? If Antivirus/Antispam is turned on, they should be getting dumped, not held in your queue. And if they're to bad addresses they should be rejected for the bad address.

Check out this wiki article Improving Anti-spam system - Zimbra :: Wiki for a variety of pointers to improve filtering, which should keep your queues cleaner.

Those messages you posted--is the holtecnet.com domain yours or the source of the messages? If it's the source, see specifically this section for blacklisting a particular domain. If it's your domain (the destination), then turning on the reject_unlisted_recipient option as described in this section of the same wiki.

With these changes you should have less that requires manual flushing from the queue in the first place.

Cheers,

Dan

[sandiphw]

Thank you for your elaborate explanations.

I request you to assist little more. I am not very experienced administrator. Actually I am from software development side and recently looking after administration issues due to some scarcity. So all technical term related to administration may not very clear to me.

The Holtec - Consultants for Cement, Power, Roads, Infrastructure. Engineering & Structural Steel Detailing Services For Industrial & Commercial Projects. is our domain. So you suggested to turn on reject_unknown_recipient in /opt/zimbra/conf/postfix_recipient_restrictions.cf

The link advice to
Change the entry in zmmta.cf for smtpd_reject_unlisted_recipients to 'yes',

But, i don't find any such option in my zmmta.cf. I am here attaching my zmmta.cf file. Should I add this line in /opt/zimbra/conf/postfix_recipient_restrictions.cf?

We are using version 3.1.3.

[phoenix]

Quote:

Originally Posted by sandiphw

We are using version 3.1.3.

I'd strongly suggest you get yourself upgraded to a more recent release of Zimbra, the current version is 5.0.2 There have been many performance and usability changes since that version of Zimbra was released, it's also EOL.

[sandiphw]

Bill,

I fully agree with you that we need to upgrade the zimbra version, but it takes time to do it as others modification also need to do parallely. As an immediate solution how to stop the spams (receipents with no address)? Where to set those as suggested by Dan? I believe, this setting should solve our problem.

Thanks

Sandip

[dwmtractor]

Sandip,

I don't have access to an installation of 3.x anywhere; that's a pretty old setup. Do you have a file /opt/zimbra/conf/zmmta.cf? In that file, on 4.x and later systems at least, there is a long list of options that start with the string POSTCONF. They are mostly in alphabetical order, and one of them is

Code:

        POSTCONF smtpd_reject_unlisted_recipient        no

Just change that "no" to a "yes" and you should be golden once you stop & restart your mta.

However, you really need to upgrade ASAP. There is a LOT to be fixed by doing so. If you're not ready to go to 5.x, at least get onto the latest 4.x for security reasons as well as functionality.

But when you speak of "other modifications" that need to be done in parallel, what to you mean? The upgrade should handle most of those pretty seamlessly, I should think, although you'll have to do it in a couple of steps as 5.x installers require 4.5.7 or later to upgrade. Better double-check with other authorities on this forum, what intermediate steps you may need to get from 3.1.x as I don't have that information handy.

Now of course, if you're running on a nonsupported OS or old hardware, I can see why your upgrade could be more complex, but otherwise, it may well be easier than you think.

Cheers,

Dan

[mmorse]

Queue management commands:
Postfix manual - postsuper(1)
Postfix manual - postqueue(1)
(su - zimbra first)

As for reject_unlisted_recipients that came out with postfix 2.1 (the alternative before that is check_recipient_maps) and I believe ZCS 3.1.0 had Postfix 2.2.9 so you should be ok adding that as a restriction.

I'll 3rd on the 'definitely time to upgrade' - this would probably be a fine route: 3.1.3> 4.0.5 > 4.5.2 > 4.5.11 > 5.0.2

[dwmtractor]

Received following reply from Sandip, having trouble posting

Quote:

Hi Dan,
I cann’t post reply in the forum though after properly logeed in.


See the attached zmmta.cf file we have. I had add the following lines in postfix_receipent_restriction.cf

reject_unknown_receipents and restart zimbra.

It doesn't work. Any idea?

Regards,

Sandip

Sandip,

I have not studied up on the postfix howtos, but I can tell you by looking at the syntax of the rest of the postif_recipient_restriction.cf that your syntax is wrong. "and restart zimbra" is not a phrase that belongs in the file at all.

As I said in the post above, you need to modify zmmta.cf. Since your copy does not already have the line

Code:

        POSTCONF smtpd_reject_unlisted_recipient        no

you need to add that line, but change "no" to "yes"

Once you have done this, you need to stop Zimbra by doing the following:

Code:

su - zimbra
zmcontrol stop

Now wait for 15 or 20 seconds to make sure it has stopped. Now

Code:

zmcontrol start

This should make the setting you've just added take effect.

Again, I am basing this on my knowledge of 4.5.x because I don't have 3.x to look at, but according to what Mike said above it should still work.

Dan

[fcash]

Quote:

Originally Posted by sandiphw

Recently we are receving thousands of spam mails in the morning which chokes our mail delivery system. All these goes to deffered queue. I need to flush the queue to put those in active queue but it takes 2/3 hours to clear the queue.

How can I delete all those spam mails from the queue? The examples of these mails are :

B665819918A0* 4469 Fri Mar 7 09:12:16 MAILER-DAEMON
Kyung-0flounce@holtecnet.com

Login to the server, switch user to zimbra, then run the postsuper command similar to:

Code:

# postuper -d B665819918A0

You can use postqueue -p to list out all the items in the queue, and then use postsuper -d <mailID> -d <mailID> -d <mailID> ... and so on, to delete a bunch of them in a row.

If you are up on your awk or perl, then you can whip up a script that will output the queue, grab the mailID for items that fit certain criteria, and call postsuper for those messages only. I leave that last part up to you.

[sandiphw]

Hi,

Sorry for misunderstanding. The files I attached are original one without any modification by me recently.
There is one line in zmmta.cf
POSTCONF smtpd_recipient_restrictions FILE postfix_recipient_restrictions.cf

which I understand points to file postfix_recipient_restrictions.cf which need to be modified to block unknown receipent. So I had added the following line in this file:

reject_unknown receipent

(seeing syntax of rest parameters)

Then I restart zimbra, but it didn't work. Where I am wrong?

Thanks for your co-operation to understand my problem