=^.^=

Clearing Huge Zimbra Mail Queues

karma

An account on one of my Zimbra servers was compromised recently, leading to about one hundred or so different spammers gangbanging it. It wasn't hard to fix the leak but once you've got your spammer problem dealt with you will probably be left with huge queues. Huge queues that are probably putting your load average well above 10. Worse than the resource problem, as these queues very slowly drain you are still spamming and it will take a very long time to get off of all the RBLs you are undoubtedly now on unless we take action to clear them now.

You should be able to log into the Zimbra administration front-end, navigate to Monitor > Mail Queues and selectively clear deferred messages from bad addresses. Unfortunately, the web interface is as useless as a tit on a bull when it comes to clearing tens of thousands of messages. It's necessary to shell in and manipulate the postfix queues directly.

Lots of thanks to TheBrain.ca for publishing his solution at http://developer.thebrain.ca/2010/06/troubleshooting-mail-queue-on-postfix.html:

# /opt/zimbra/postfix/sbin/postqueue -p | awk '/[email protected]/ {print $1}' > /tmp/user.txt
# /opt/zimbra/postfix/sbin/postsuper -d - < /tmp/user.txt

This uses awk to spit out the message ID of e-mails coming from [email protected] which we then feed into postsuper -d.

You should edit the output file and do a null search and replace for asterisks. You may also find some non-message-ID entries but these can safely be ignored.

If you don't want to see the list of message IDs before dropping them a more elegant method can be found in the postsuper man page:

              mailq | tail +2 | grep -v ’^ *(’ | awk  ´BEGIN { RS = "" }
                  # $7=sender, $8=recipient1, $9=recipient2
                  { if ($8 == "[email protected]" && $9 == "")
                        print $1 }
              ´ | tr -d ’*!’ | postsuper -d -

Comments

There are no comments for this item.