Full Version: .4 Million messages in queue
N00b
Hello,

I have about 400,000 (and counting) messages in my exim queue, I would like to know how to easily delete them without using WHM (which takes some hours to delete them all). Either that, or I would like to know how to discard bounced back mail if it is sent FROM a certain address (like auto-responder@mydomain.com), or how to blackhole all bounced back messages. I currently have a ::blackhole:: setup in CPanel, but it seems to do nothing...

Thanks

N00b
Jeff
Are you sure you don't have a spammer on your server :shock:
eddy2099
All signs seem to point to the fact that your server might be involved in sending spam or receiving them. Check the headers of the messages to see where it is originating from.
revo
To even load those 400000 messages to check the headers will take quite some time. :shock:
N00b
The messages are not spam. Anyone know how to decrease the exim queue, or delete all the messages quickly or block certain addresses? Willing to pay via paypal to anyone who can help me on this.

Thanks.
Jeff
What happens when you load

https://xxx.xxx.xxx.xxx:2087/scripts2/killeximq
dezignguy
You have 400,000 messages that aren't spam and you want to delete them? What are they then?

You need to find out the root cause of the problem, and then you can figure out how to solve it. Where are these emails coming from, why are they sticking in the queue, what are they, etc?

Do you have a newer version of cpanel installed? At least the latest release or newer? That version has a new version of exim that includes the changes I used to do to reduce emails sticking in the queue from spam and bounces, etc. It reduces the NDRs, and moves most of them to the SMTP conversation which can greatly reduce your queue problems.
dezignguy
another note:

I'd use ::fail:: no such address here
(or whatever it says in the mail settings, doing this from memory)

Instead of ::blackhole::
N00b
When I load https://xxx.xxx.xxx.xxx:2087/scripts2/killeximq, it deletes the messages very slowly. Then in some days it's back up to around .5 million.

dezignguy, these messages in the queue are not able to be sent. I know ::blackhole:: is supposed to discard incoming mail, and ::fail:: sends a message to the sender if their mail can not be delivered (won't that double the problem)?

Basically I want to just have a message that can not be sent on the first attempt to be discarded.

Here is our Exim config, are we doing anything wrong?

deliver_queue_load_max = 10
remote_max_parallel = 15
queue_run_max = 15
queue_only_load = 15
ignore_bounce_errors_after = 12h
timeout_frozen_after = 1d
return_size_limit = 500
split_spool_directory = true
recipients_max = 10
recipients_max_reject = true
dns_retrans = 2s
dns_retry = 1
smtp_enforce_sync = false
smtp_receive_timeout = 30s
receive_timeout = 1m
delay_warning = 3d
bounce_return_message = false
auto_thaw = 12h
cguimont
Are they outgoing mail or incoming mail?


I guess that you have a problem with spam on your server
eddy2099
Probably it is not spam to him because he could be sending those out and they did not get delivered ;)

400k to 500k emails whether they be incoming or outgoing is going to be a big issue. If it ain't spam, I really do not know what it is. I mean to think that those trapped in the queue are only a portion of mails which were being sent or received.

If you need to delete them or send them to the blackhole means that they are not needed and as such would be an issue. Of course unless they are log alerts which are sent each time you get a hit on your server then probably that is another issue altogether.

In whatever the case, try to find out what is causing you to have or send so many emails and stop it once and for all. If you need to complain to the authorities, please do so.
speedcore
Have you looked at the headers on these emails, checked your mail stats and looked at /var/log/maillog or /var/log/exim_mainlog to see where it's coming from/going to and where it's originating from?
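
Added example, not part of any post in this thread: one way to do the log check suggested above is to summarise an Exim main log by submitting directory and by arrival type (bounce, local, remote). The log lines are constructed sample data, and the `cwd=` lines assume Exim's `log_selector` includes `+arguments`.

```shell
#!/bin/sh
# Constructed sample in Exim main-log format (not taken from the thread).
sample_log() {
cat <<'EOF'
2009-03-01 10:15:01 cwd=/home/acct1/public_html/forum 3 args: /usr/sbin/sendmail -t -i
2009-03-01 10:15:01 1LdAAA-0001aa-01 <= nobody@host.example.com U=nobody P=local S=812
2009-03-01 10:15:02 cwd=/home/acct1/public_html/forum 3 args: /usr/sbin/sendmail -t -i
2009-03-01 10:15:02 1LdAAB-0001ab-02 <= nobody@host.example.com U=nobody P=local S=812
2009-03-01 10:15:03 cwd=/home/acct1/public_html/forum 3 args: /usr/sbin/sendmail -t -i
2009-03-01 10:15:03 1LdAAC-0001ac-03 <= nobody@host.example.com U=nobody P=local S=812
2009-03-01 10:16:00 cwd=/home/acct2/public_html 3 args: /usr/sbin/sendmail -t -i
2009-03-01 10:16:00 1LdAAE-0001ae-05 <= acct2@host.example.com U=acct2 P=local S=640
2009-03-01 10:16:30 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
2009-03-01 10:17:00 1LdAAF-0001af-06 <= <> R=1LdAAA-0001aa-01 U=mailnull P=local S=1501
2009-03-01 10:17:05 1LdAAG-0001ag-07 <= <> H=mx.remote.example [192.0.2.10] P=esmtp S=2210
2009-03-01 10:17:09 1LdAAH-0001ah-08 <= <> H=mx.remote.example [192.0.2.10] P=esmtp S=2190
2009-03-01 10:18:00 1LdAAI-0001ai-09 <= a@remote.example H=mail.remote.example [192.0.2.20] P=esmtp S=3000
EOF
}

# Submissions per working directory; Exim's own spool runs are ignored.
# A script that floods the queue shows up as one directory with a large count.
top_cwd() {
  awk '$3 ~ /^cwd=/ && $3 !~ /^cwd=\/var\/spool/ { sub(/^cwd=/, "", $3); n[$3]++ }
       END { for (d in n) print n[d], d }' "$1" | sort -k1,1nr -k2
}

# Classify arrivals ("<=" lines): null sender "<>" is a bounce,
# P=local is a local submission, anything else arrived over SMTP.
arrival_classes() {
  awk '$4 == "<=" {
         if ($5 == "<>") c["bounce"]++
         else if ($0 ~ / P=local( |$)/) c["local"]++
         else c["remote"]++
       }
       END { for (k in c) print c[k], k }' "$1" | sort -k1,1nr -k2
}

# Analyse the file given as $1, or the constructed sample when none is given.
log="${1:-$(mktemp)}"; [ -n "${1:-}" ] || sample_log > "$log"
echo "== submitting directories =="; top_cwd "$log"
echo "== arrivals by class ==";      arrival_classes "$log"
```

On a cPanel server the file to pass as the argument is the /var/log/exim_mainlog mentioned above.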
dezignguy
QUOTE
dezignguy, these messages in the queue are not able to be sent. I know ::blackhole:: is supposed to discard incoming mail, and ::fail:: sends a message to the sender if their mail can not be delivered (won't that double the problem)?


Yes. Blackhole accepts the incoming mail and routes it to /dev/null (deletes it)... fail rejects the email during the smtp conversation with the sending server. So if your exim is configured properly then ::fail:: is the option with the least amount of load on your server since it never has to handle the email itself.

QUOTE
Have you looked at the headers on these emails, checked your mail stats and looked at /var/log/maillog or /var/log/exim_mainlog to see where it's coming from/going to and where it's originating from?


Yes, you really need to do this so you can determine exactly what is going on. Fail or blackhole won't help you if your server is the source of the spam emails. Make sure your mail relay is properly secured. Have you done any customizing or tweaking with any of the settings that might possibly have opened it up to spammers?


If you're using an older version of exim/cpanel, then this may help you as well:
http://www.webhostgear.com/50.html

Otherwise, updating cpanel to the latest release version includes a new version of exim that includes that feature.
dezignguy
It sounds quite possible that you have a spammer on your server, or your email server is wide open, or your server might even be hacked and rooted... either way, just getting rid of the queue won't help you since a few minutes later there'll be new ones to replace them.

Not to scare you too badly, as it is also possible that you're just the victim of a huge amount of spam sent to your server, or the recipient of all the bounces from a large spam run.

What is your server load? It sounds like your server is very bogged down processing all these emails... there might even be a script running at the same time still spewing spam.

You MUST find out what's going on! By not doing anything or not fully taking care of the problem, you can easily get your server blacklisted by over half the internet... SM can shut down your server until it's had an OS reload ($75 fee + downtime and lost data)... and you can also lose or compromise (private email, credit card #'s) the data on your server.
eddy2099
The OS reload is now $25 so it is more affordable to do the reload if your server is being compromised.
N00b
Thanks guys for your help, it was just a script that was broken, all fixed now.
dezignguy
QUOTE
The OS reload is now $25 so it is more affordable to do the reload if your server is being compromised.


Ahh guess I missed that 'announcement.'

Glad you got it figured out and fixed.