Friday, 10 July 2015

Postfix Spam EMail Queue Fix

The following commands will allow you to review these queues:

1- Display the mail queues, deferred and pending



mailq
or
postqueue -p
To save the output to a text file you can run:
mailq > mailqueue.txt
or
postqueue -p > mailqueue.txt

Either of these commands will show you all queued messages.
NB: this command shows the sender and recipients and ID, not the message itself. The ID is particularly useful if you want to inspect the message itself.

2- View message (contents, header and body) in Postfix queue


To view a message with the ID XXXXXXX
(you can see the ID from the queue)
postcat -vq XXXXXXXXXX
Or to save it in a file
postcat -vq XXXXXXXXXX > emailXXXXXXXXXX.txt

A useful feature for web servers is to enable mail.add_x_header = on in the Postfix configuration. This will add a header to all outgoing email messages showing the script and user that generated each message.  Once enabled this will then add the following extra header to message:
X-PHP-Originating-Script: 1001:spamEmailer.php

In this example 1001 is the UID and the spamEmailer.php was the script sending the message. This can allow you to quickly track down the source of spam messages being sent by your server.

With these commands you should be able to review your mail queue and make sure that intended messages are being sent and have not been rejected.

How to delete queued mail from the mail queue


Now that we have learned the necessary steps to reviewing your mail queue, the final 3 tips will demonstrate how to delete queued mail.

3- Tell Postfix to process the Queue now


postqueue -f
OR
postfix flush

This will cause Postfix to immediately attempt to send all queued messages.

4- Delete queued mail


Delete all queued mail
postsuper -d ALL
Delete only the differed mail queue messages (i.e. only the ones the system intends to retry later)
postsuper -d ALL deferred

5- Delete mail from the queue selectively


This is not something that is natively included with the standard Postfix tools however can be done with a bit of Perl scripting.
NB: This perl script seems to be free, and is all over the internet however I could not find out where it originates or who wrote it but my thanks go to them!
#########################################
#!/usr/bin/perl

$REGEXP = shift || die "no email-adress given (regexp-style, e.g. bl.*\@yahoo.com)!";

@data = qx</usr/sbin/postqueue -p>;
for (@data) {
  if (/^(\w+)(\*|\!)?\s/) {
     $queue_id = $1;
  }
  if($queue_id) {
    if (/$REGEXP/i) {
      $Q{$queue_id} = 1;
      $queue_id = "";
    }
  }
}

#open(POSTSUPER,"|cat") || die "couldn't open postsuper" ;
open(POSTSUPER,"|postsuper -d -") || die "couldn't open postsuper" ;

foreach (keys %Q) {
  print POSTSUPER "$_\n";
};
close(POSTSUPER);
#########################################

Usage Examples:
Delete all queued messages to or from the domain called spamers.com, enter:
./postfix-delete.pl spamers.com
Delete all queued messages that contain the word "spam" in the e-mail address:
./postfix-delete.pl spam

No comments:

Post a Comment