Hello,

I see that on the Linux server there is a 6Gb /var/log/maillog file,
and its contents show there is a huge number of deferred mails in /var/spool/mqueue.

I wanted to delete these deferred mails, and this script did it:

Code:
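#!/bin/bash
# Remove queued messages older than 60 minutes whose qf control file
# records a "Deferred" status.

count=0

# Stop if the queue directory is not reachable.
cd /var/spool/mqueue || exit 1

# df<id> holds the message body, qf<id> the envelope and delivery status.
for df in $(find . -name 'df*' -type f -mmin +60)
do
 id=${df:4}   # strip the leading "./df" to get the queue id
 # Skip messages that are not marked as deferred.
 if ! grep -qi deferred "qf$id" 2>/dev/null
 then
  continue
 fi
 count=$((count+1))
 rm "/var/spool/mqueue/df${id}" "/var/spool/mqueue/qf${id}"
done

if [ "${count}" -gt 0 ]
then
 true
 #echo "Removed ${count} emails"
fi
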
But how do I discover the source of these mails and terminate it?

maillog:
Nov 22 08:22:47 byvyagqe sendmail[29818]: sAMDJuUZ029818: lost input channel from localhost.localdomain [127.0.0.1] to MTA after rcpt
Nov 22 08:22:47 byvyagqe sendmail[29818]: sAMDJuUZ029818: from=<[email protected]>, size=0, class=0, nrcpts=14, proto=SMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]

Nov 22 08:18:57 byvyagqe sendmail[29739]: sAIIR6tt013646: to=<[email protected]>, delay=3+18:51:51, xdelay=00:01:39, mailer=esmtp, pri=8615740, relay=alt1.gmail-smtp-in.l.google.com. [74.125.131.27], dsn=4.4.2, stat=Deferred: Connection reset by alt1.gmail-smtp-in.l.google.com.
The maillog file is explained here: http://sendmail.org/~ca/email/doc8.12/op-sh-2.html
(to=, delay=, mailer=, pri=, relay=, stat=)

But from this I'm not sure how to discover the source of the SPAM. I see SMTP, but it doesn't tell me anything.
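
Added example, not part of the original post: in the log format quoted above, the `from=` record of each queue id carries `relay=`, the host that handed the message to this MTA, so counting `from=` records per relay and envelope sender shows where the volume enters. The function names, hostnames and addresses below are constructed placeholders.

```shell
#!/bin/bash
# Added example: tally sendmail "from=" log entries per submitting relay
# and envelope sender, so the busiest injection point stands out.

# Constructed sample maillog lines (hosts and addresses are placeholders).
sample_log() {
cat <<'EOF'
Nov 22 08:20:01 mailhost sendmail[29701]: sAMDK1aa029701: from=<webapp@example.com>, size=812, class=0, nrcpts=14, proto=SMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Nov 22 08:20:09 mailhost sendmail[29702]: sAMDK9bb029702: from=<webapp@example.com>, size=790, class=0, nrcpts=12, proto=SMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Nov 22 08:20:15 mailhost sendmail[29705]: sAMDK1aa029701: to=<user1@example.org>, delay=00:00:14, xdelay=00:00:02, mailer=esmtp, pri=120812, relay=mx.example.org. [192.0.2.25], dsn=4.4.2, stat=Deferred: Connection reset by mx.example.org.
Nov 22 08:21:30 mailhost sendmail[29710]: sAMDLUcc029710: from=<alice@example.net>, size=2048, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=client.example.net [198.51.100.7]
EOF
}

# Reads maillog lines on stdin.
# Prints: messages <TAB> total recipients <TAB> relay <TAB> sender, busiest first.
summarize_senders() {
  awk '
    # Only the per-message "from=" record names the host that handed
    # the mail to this MTA; "to=" records name the next hop instead.
    / from=/ && /relay=/ {
      sender = ""; relay = ""; n = 0
      if (match($0, /from=[^,]*/))    sender = substr($0, RSTART + 5, RLENGTH - 5)
      if (match($0, /nrcpts=[0-9]+/)) n      = substr($0, RSTART + 7, RLENGTH - 7)
      if (match($0, /relay=.*/))      relay  = substr($0, RSTART + 6, RLENGTH - 6)
      key = relay "\t" sender
      msgs[key]++
      rcpts[key] += n
    }
    END { for (k in msgs) printf "%d\t%d\t%s\n", msgs[k], rcpts[k], k }
  ' | LC_ALL=C sort -t "$(printf '\t')" -k1,1nr -k2,2nr
}

# Demo run on the constructed sample.
sample_log | summarize_senders
```

On a real server the input would be the log itself, for example `summarize_senders < /var/log/maillog`. A top entry whose relay is `[127.0.0.1]` means the mail is being submitted by a process on the server itself rather than relayed from an outside host.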