Scenario
If your postfix server is running away and it’s chaos because there are 1000s or millions of messages in the queue, your only recourse might be to remove all the messages in the queue and face the backlash of clients who might have missed some email.
However, two situations prevail:
- You’re probably deleting millions of SPAM messages so it will be okay.
- If the email is really so important, maybe the sender must try again?
Either way, deleting all messages might be the only way out of this bind.
Here are some global delete commands. But first, stop Postfix to stop the problem from getting worse and to regain control over performance of the server:
service postfix stop
Delete All
postsuper -d ALL
Delete Deferred
postsuper -d ALL deferred
Delete Specific Message based on ID
First run mailq to get a list of messages and their IDs. Then:
postsuper -d mail_queue_id
Tips
- Before deleting the messages, check the Postfix mail queue to see the pattern. Once you have the pattern, get the source IP and
catthe log file for this IP. This will show you the compromised username. - If the compromised access is a SASLAuth username, you will have to also restart
saslauthotherwise the attacks will keep coming. - Check MX Toolbox to see if the IP is blacklisted.