how to clear the mail queue of emails from a specific email address

Follow

So an email account on your WHM/cPanel server has been breached. Either the password was guessed or brute forced - and someone has now turned your server into a spamming machine. 

Follow these steps to fix the issue: (the commands below can be copied and pasted into your SSH session)

* Log into WHM

* List accounts - locate the affected account

* Open the cpanel page

* Click on Email Accounts

* Change the password for the email address - make sure you select a password that will be hard to brute force.

* Open an SSH session to your server - login as root

* Type the following and hit enter: exim -bpc
(This will display how many emails are in the queue) 

* Type the following and hit enter: exim -bp
(This will displat the emails in the queue - for this example lets assume the hacked account is test@test.com.au - you will see a list of emails from the hacked email account.)

* Type the following and hit enter: exim -bp | grep test@test.com.au | awk '{print $3}' | xargs exim -Mrm

All emails from the offending address will be deleted from the queue.

 

 

 

 

Have more questions? Submit a request

Comments

Powered by Zendesk