If the "SPAM" is in the queue, it is likely on its way OUT, not IN...
Let's understand the "basics" of a QMAIL queue....
A message comes into the QMail system for delivery:
- The message is assigned a unique message ID (a number)
- The message is entered into the QUEUE as follows:
  - The message itself is placed into a file named the MSGID in the "mess" folder
  - If there are local recipients, a file is created named the MSGID in the "local" folder. This file contains a LIST of all of the local recipients and whether or not the delivery to their mailbox has been completed
  - If there are remote recipients, a file is created named the MSGID in the "remote" folder. This file contains a LIST of all of the remote recipients and whether or not the delivery to their mailbox has been completed
- Periodically, separate QMail processes look through the local and remote folders to see if messages need to be delivered
- Periodically, another process checks the folders -- if a message ID no longer has any recipients awaiting delivery, then the files with the MSGID names are finally removed from all locations.
So -- take this information and build a script to do what you want... (There are LOTS of other scripts out there -- much more powerful, much more elegant -- and thus, safer to your queue -- but this will get done (by brute force) what you want.)
==== Script.sh =====
#!/bin/bash
#
# STOP QMAIL BRIEFLY TO DO THIS! (Do this the RIGHT way for your system -- this is a RH example)
service qmail stop
#
# put the domain who is sending SPAM in the variable below
BADSENDER=baddomain.com
#
# Assumption: your queue folders are in /var/qmail/queue
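# Collect just the file names (the MSGIDs), not the full paths
ALLMSGS="`find /var/qmail/queue/mess -type f -exec basename {} \;`"
for MSGID in $ALLMSGS ; do
  # Locate the message file for this MSGID under the "mess" folder
  MSGFILE="`find /var/qmail/queue/mess -type f -name $MSGID`"
  if grep -i "^from.*${BADSENDER}" "$MSGFILE" > /dev/null 2>&1 ; then
    # Assumption: you are already using qmHandle
    qmHandle -d$MSGID
  fi
done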
#
# Restart QMail processing
service qmail start
==== Script.sh =====
What you've done:
ALLMSGS contains all of the MSGIDs in the mess queue (remember, the message "body" is there, regardless of whether delivery is local or remote).
In the FOR loop, we look inside the message for a line that starts with from & contains the bad domain sender.
For those files that are found, the qmHandle program is used to remove those entries from the queue "cleanly".
COMMENTS:
Yes, I could have done this in fewer steps -- in fact, I could have done it with a single FOR loop so that you could just enter it on the command line -- but it would be much harder to describe what I'm doing and would be of little value (unless your queue had tens of thousands of entries!)
I hope this helps!
Dan
IT4SOHO
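
A dry-run companion to the script above, added here as an example and not part of the original post: it lists the MSGIDs that would be selected and which recipient lists ("local", "remote") still exist for each, without deleting anything. It narrows the match to a From: header line (stopping at the first blank line, so body text cannot trigger it) and treats the domain as a literal string; the function names are hypothetical, and it assumes the queue folders may contain numbered subfolders.

```shell
#!/bin/bash
# Dry run: list queued messages whose From: header names a domain.
# Prints "MSGID <pending lists>" per match and deletes nothing.

# Succeeds if the header block (everything before the first blank line)
# has a From: line containing the domain, compared case-insensitively
# as a literal string (the dot is not a regex wildcard here).
header_from_matches() {   # $1 = message file, $2 = domain
    awk -v dom="$2" '
        /^$/ { exit }     # end of headers: never look at the body
        tolower($0) ~ /^from:/ && index(tolower($0), tolower(dom)) { hit = 1; exit }
        END { exit (hit ? 0 : 1) }
    ' "$1"
}

# Report which recipient-list files still exist for a MSGID, using the
# layout described in the post: same file name under local/ and remote/.
pending_lists() {         # $1 = queue dir, $2 = MSGID
    local where=""
    [ -n "$(find "$1/local" -type f -name "$2" 2>/dev/null)" ] && where="local"
    [ -n "$(find "$1/remote" -type f -name "$2" 2>/dev/null)" ] && where="${where:+$where+}remote"
    echo "${where:-none}"
}

# Walk every file under mess/ and print one line per matching message.
list_matches() {          # $1 = queue dir, $2 = domain
    local f id
    find "$1/mess" -type f -print | sort | while IFS= read -r f; do
        if header_from_matches "$f" "$2"; then
            id=$(basename "$f")
            echo "$id $(pending_lists "$1" "$id")"
        fi
    done
}

# Stand-alone use: ./dryrun.sh /var/qmail/queue baddomain.com
if [ "$#" -eq 2 ]; then
    list_matches "$1" "$2"
fi
```

Reading the queue this way does not modify it, so the output can be reviewed before anything is passed to qmHandle.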