3
Spam Quarantine - How to empty all
Question asked by Graham Southgate - 11/27/2018 at 3:14 AM
Unanswered
I had a compromised user email account that was hacked by spammers.  I now have 77000 emails sat in the Spam Quarantine folder that were correctly caught by the spam filters on SmarterMail stopping my server propagating these out.

I know they are all spam, so would like to just remove them.  I can only delete maximum 200 at a time.  Is there an easier way to clear out the quarantine area - a delete all option, or can I just delete the folders off the server?  If I did just delete off the server, would it give me any issues with indexes etc.

Thanks in advance. 

6 Replies

Reply to Thread
0
Ryan Wittenauer Replied
This should work:
Under that accounts settings, change the 'Delete Action' to 'Mark as Deleted'.
After doing that, use the delete drop down while in that folder to Delete all in Folder.
Then, Purge Marked as Deleted.

We are running SM 16, so results may vary on 15. 
If that doesn't work, try making a folder auto-clean for that folder and set it to clear once larger than an arbitrarily small size. It usually requires time to do this, but moving a message too and from that folder should cause it to start the auto-clean.
0
Graham Southgate Replied
Thanks Ryan.

This is the server Spam Quarentine box that is part of the spool function and not part of any individual users mail file.  So there is no mark all or select all.  You can only show up to 200 at a time, then select all those to delete, so 70000 is a mighty lot of 200s.

Is is visible via spool when logged in as a system admin and this in on SM16.
0
Graham Southgate Replied
Thanks Ryan.

This is the server Spam Quarentine box that is part of the spool function and not part of any individual users mail file.  So there is no mark all or select all.  You can only show up to 200 at a time, then select all those to delete, so 70000 is a mighty lot of 200s.

Is is visible via spool when logged in as a system admin and this in on SM16.
0
Ryan Wittenauer Replied
Graham,

Sorry, misunderstood you there. You should be able to track down the folder they are stored in on your server.
Under Settings > Antivirus you should find where the Quarantine Directory is.
You might want to stop the service, wipe that folder, and start it back up.

Other than that, from my experience, there is no other way to clear that folder any faster.

Not sure if changing the amount of days to 'None' would make it not store them or just store them indefinitely, the documentation doesn't really clear that up either.
0
Graham Southgate Replied
I have full access to the server and file structure and in the SmarterMail spool folder is a spam quarentine folder with captured spam items in folders by day.

I am sure I could just delete those folders but would like to know that it will not screw up the server indexing or something similar.

SmarterTools - any advice?
1
Scarab Replied
Graham, 

Although I am not SmarterTools I can confirm that manually deleting or moving items out of the \Spool\Quarantine folder isn't going to hurt anything, especially if you stop the SmarterMail service first and restart it when you are done, just as Ryan had suggested. You don't actually NEED to stop the service before deleting the contents of the \Spool\Quarantine directory tree, as they are not locked for exclusive use (whereas items in the \Spool\Subspool folders might), but those deleted messages will still show in the Spool Spam dashboard as they remain indexed until you restart the SmarterMail service...although they will disappear automatically upon the next reindex of the Spam Quarantine even if you don't restart (the frequency of reindexing is based on your settings under TROUBLESHOOTING > OPTIONS > INDEXING).

We have several threshold triggers and scripts that automatically move eml and hdr files from the \Spool\ hierarchy to temp directories and re-add them to the Spool at a set rate to prevent the Spool from hanging under excessively heavy loads which we experience 4-6 times a year, or when an account becomes compromised and sends out a large volume of spam (which although the later are successfully stopped by SmarterMail's IDS thresholds they still clog the Spool which seems to stop working as intended when it reaches a couple thousand emails waiting to be processed). A simple net stop MailService before the script fires and a net start MailService when it is complete is all that is needed to keep things in running order when making any changes to the contents of the Spool.

Generally, if you are quick enough users with email clients or mobile devices won't even notice the brief unscheduled downtime, but note that webmail users will be dumped to a warning screen until the service has been restarted and will lose their session, requiring them to refresh the page and log back in to the webmail. If that is an issue you can safely skip stopping & starting the MailService and just let their indexes remain in the Spam Quarantine until the next reindexing pass (again, if doing anything with the contents of the \Spool\Subspool you MUST stop and restart the MailService).

Ideally there should be a way to delete all messages from a sender (especially when the volume is > 200) from either the Spam or Virus Quarantine in the web interface, just like there is for the Spool. That would be a great feature request.

Reply to Thread