cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1002
Views
0
Helpful
2
Replies

deleterecipients

martinc8306
Level 1
Level 1

We were recently hit with a large number of mails in the active recipient queue due to one of our customers being exposed as an open relay, in a nutshell we sat with just over 100 000 mails in the queue destined for Russian domains .ru.
I was surprised to see no regular expression option in deleterecipients, am I missing something or does it not actually exist?

In case anyone finds themselves in this predicament I wrote a handy script to go get the list of domains off the Ironport and output the commands so as to avoid doing one by one recipient deletion

#/bin/bash
/usr/bin/expect /root/scripts/tophosts.exp (ipaddress) tophosts active_rcpts >> hosts

for i in `cat hosts | awk '{print $2}' | sed '/^$/d' | grep .ru` ;do echo deleterecipients host $i;done

rm hosts

The above will search via grep for .ru, this can be changed

For expect script

#!/usr/bin/expect -f
set ipaddr [lrange $argv 0 0]
set scriptname [lrange $argv 1 1]
set arg1 [lrange $argv 2 2]
#set timeout -1
spawn ssh -p 22 admin@$ipaddr $scriptname $arg1
match_max 100000
# send blank line (\r)
#send -- "\r"
expect eof


For this to work you'll have to have your public key on the Ironports sshconfig for admin

2 Replies 2

When you say this, I was looking at the manual and found the manual has typo on "deleterecipients" all option.



[URL=http://img19.imageshack.us/my.php?image=ipclimanual.jpg][img:3d03e52c82]http://img19.imageshack.us/img19/4388/ipclimanual.jpg[/img:3d03e52c82][/URL]
[URL=http://g.imageshack.us/img19/ipclimanual.jpg/1/][img:3d03e52c82]http://img19.imageshack.us/img19/ipclimanual.jpg/1/w751.png[/img:3d03e52c82][/URL]

steven_geerts
Level 1
Level 1

Hello,

If you have other messages in your queue that you do not want to discard there is a more granular way of getting rid of those messages.

If you create a SMTP route for the domains you want to delete, with /dev/null as destination and after that execute a "deliver now" command, they are all gone.

I did this once for a domain, but I’m pretty sure you can also do this for a TLD (like*.ru).

Please do not forget to remove the SMTP route after you have trashed your messages... (Routing to dev-null it of course quite accurate in terms of resource usage.... but sooner or later you can expect some complains :D )

Regards Steven