Topic: How To Install Qmail-Remove

[supersonico]

The reason of this post is a machine with virus that makes me sick, and qmHande can not delete a bunch of mails from that machine.

To Install Qmail-Remove

First You have to install the gcc compiler + libraries

Code: [Select]


db yum_repositories setprop base status enabled
db yum_repositories setprop base Visible yes
db yum_repositories setprop centosplus Visible yes
db yum_repositories setprop centosplus status enabled
/sbin/e-smith/expand-template /etc/yum.conf
yum install gcc gcc-c++

Second you need to download latest version from here current version is Qmail-Remove 0.95

Download using the following command

Code: [Select]


wget http://www.linuxmagic.com/opensource/qmail/qmail-remove/qmail-remove-0.95.tar.gz

Now you have qmail-remove-0.95.tar.gz file and now you need to extract using the following command

Code: [Select]

#tar -zxvf qmail-remove-0.95.tar.gz

Then

Code: [Select]

cd qmail-remove-0.95
make
make install
cp qmail-remove /usr/bin/
mkdir /var/qmail/queue/yanked

En example how to delete a virus mail from a internal machine in the queue:

# qmail-remove -r -p 192.168.x.x

Enjoy.

[mmccarn]

Code:

db yum_repositories setprop base status enabled
db yum_repositories setprop base Visible yes
db yum_repositories setprop centosplus Visible yes
db yum_repositories setprop centosplus status enabled
/sbin/e-smith/expand-template /etc/yum.conf
yum install gcc gcc-c++

You could more easily (and without risk of forgetting to disable 'centosplus' when you're done) do this:

Code: [Select]

yum --disablerepo=* --enablerepo=base --enablerepo=centosplus install gcc gcc-c++

Be aware that

WARNING: YOU MUST STOP QMAIL BEFORE USING THIS PROGRAM.

The problem with qmHandle is that qmail doesn't stop when requested if you have an open smtp connection to a tarpit server.  How are you making sure that qmail is stopped before running qmail-remove?


By the way, what does qmail-remove do?

[supersonico]

mmccarn

Thanks, (I allways forget something.)

By the way, what does qmail-remove do?

Is a better way to remove messages in the Qmail Queue.

I got spamed, and delete the 305 mails that machine sent with Qmhandle web interface was to slow.

With this only use the -p <pattern> and 3 seconds after no garbage mail.

[mmccarn]

Since you were at the command line anyway in order to run qmail-remove, you could have run

Code: [Select]

qmHandle -SSubject\ Textto delete all emails in the queue that "have/contain" "Subject Text" in the subject, or

Code: [Select]

qmHandle -D to delete all email in the queue...

(I feel like I'm starting to sound like an advertisement for qmHandle; sorry!)

The qmail-remove "-p <pattern>" capability looks as though it could be very powerful!

[supersonico]

mmccarn

Supose that You have 110 mails in the qmail-queue.

100 are from a machine in the network that have a spam-virus...
the mails form that machine have 50 different subjects.
the mails form that machine have 80 different contents.

the other 10 mails are in the queue because the server is registered as SPAM and that messages are "important information".

Code: [Select]


qmHandle -SSubject\ Text
50 diferents Subjects...

Code: [Select]

qmHandle -D
good by work and sex life... (important parts in my body can have a damage thanks to delete the boss mail)
So

Code: [Select]


qmail-remove -r -p <IP from the infected machine>
From 3 hour of work to 3 seconds...
Then report to the spam databases that I was infected.
Wait..
this is for saving my work and the most important parts of my body  

[mmccarn]

Got it