Punit Jain put forth on 5/19/2010 4:19 AM:
>
>> Throttling is not the solution to fight spam originating within your
> network. If you know who is doing it, boot him. If you don't, identify
> who it is, then boot him. Period. Why are you playing paddy cakes with a
> spammer on your network?
>
> Its not user on my network, rather a stolen password which spammer used to
> authenticate and spam. Worst part is by the time I came to know there were
> already 20,000 messages in the Queue, harm was already done. I feel using
> rate limiting would help prevent that.
Then just delete the 20K messages from the queue using postsuper within a
script and reset the password on the compromised account. There's an
example script in the postsuper man page for deleting all messages in the
queue addressed to a given recipient. You should be able to easily modify
it to delete all messages from a given sender. Something like this maybe:
mailq | tail +2 | grep -v '^ *(' | awk 'BEGIN { RS = "" }
# $7=sender, $8=recipient1, $9=recipient2
{ if ($7 == "hacked-a...@yourdomain.com")
print $1 }
' | tr -d '*!' | postsuper -d -
--
Stan
