I have been reading up on how SMTP works in postfix, especially the
queue. As I am just about to toggle the switch over from a different
SMTP/POP/IMAP server to Postfix/Dovecot, I want to make sure I know
how to deal with problems that come up.
Yesterday, a user's account was phished on my non-Postfix SMTP
server. I had a good deal of emails in the outgoing queue. What I did:
1) Disable SMTP/IMAP/POP for that user
2) Pulled logs for that day
3) Moved all mail files from the queue aside
4) Blocked SMTP from the IP that was abusing the account
In the case of my non-Postfix email server, dealing with the queue was
pretty simple: each queue is a single file for each domain. So there
were a few hundred files, named example.com where example.com was the
domain that mail was being sent to. Each of those files can contain 1
to x emails. All I had to do was physically move them outside of the
queue, and they were no longer being sent.
The Postfix mail queue seems a little different. Items are not all in
one directory; mails are not monolithic files, but separate files.
What is the suggested way of dealing with this, when there are backed
up mails in a queue, and I need to get those out for inspection?
After inspection, I would want to re-queue the good ones, and leave
the bad ones behind. Any pointers would be appreciated.
--
Scott * If you contact me off list replace talklists@ with scott@ *
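As an added example (not from Scott's post or from the Postfix project), here is the Postfix equivalent of the four steps above for the queue part of a compromised-account incident, using only the standard postqueue/postsuper/postcat tools: freeze the whole queue, find the messages sent by the abused address, keep a copy of each for inspection, then release everything else while the suspect messages stay on hold. The mailq sample is constructed, and the sender address and inspection directory are assumptions.

```shell
#!/bin/sh
# Added example: selective hold/inspect/release of a Postfix queue after one
# account is compromised. Run as root on the mail host.
set -eu

# Constructed sample of `postqueue -p` (mailq) output, used by the parser below.
SAMPLE_MAILQ=$(cat <<'EOF'
-Queue ID-  --Size-- ----Arrival Time---- -Sender/Recipient-------
A1B2C3D4E5*    2345 Mon Jan  1 10:00:00  victim@example.com
                                         target1@example.org
                                         target2@example.net

F6G7H8I9J0     1234 Mon Jan  1 10:05:00  alice@example.com
                                         bob@example.org

B7C8D9E0F1!    3456 Mon Jan  1 10:07:00  victim@example.com
                                         target3@example.net

-- 7 Kbytes in 3 Requests.
EOF
)

# Print queue IDs from mailq-format text on stdin. With an argument, only
# messages whose envelope sender equals it; the */! status suffix is stripped.
queue_ids() {
    awk -v s="${1:-}" '
        $1 ~ /^[0-9A-Za-z]+[*!]?$/ && NF >= 7 && (s == "" || $NF == s) {
            id = $1; sub(/[*!]$/, "", id); print id
        }'
}

# Incident flow for a compromised sender. $1 = abused address, $2 = directory
# for the message dumps (both hypothetical values supplied by the operator).
quarantine_sender() {
    sender=$1; dir=$2
    umask 077; mkdir -p "$dir"                  # dumps contain user mail
    postsuper -h ALL                            # 1) freeze: nothing leaves now
    postqueue -p | queue_ids "$sender" > "$dir/suspect_ids.txt"
    while read -r id; do                        # 2) full copy of each suspect message
        postcat -q "$id" > "$dir/$id.txt"
    done < "$dir/suspect_ids.txt"
    postqueue -p | queue_ids \
        | grep -vxF -f "$dir/suspect_ids.txt" \
        | postsuper -H -                        # 3) release only the others
    # 4) suspects remain on hold; after review: postsuper -d - < suspect_ids.txt
}
```

Held messages stay in the hold queue indefinitely and can be released individually with `postsuper -H <id>` if inspection clears them.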