==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.2
- Linux/BSD distribution name and version: Ubuntu 14.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx):Nginx
- Manage mail accounts with iRedAdmin-Pro? Yes, v2.1.3 (MySQL)
====

A password was hacked this morning, and the spammer filled the postfix queue with about 200,000 spam emails.

I changed the user password, and disabled the account for now.

I tried using the following command to delete all mails in the queue, but each time I run it, it finds more.

mailq | tail -n +2 | grep -v '^ *(' | awk  'BEGIN { RS = "" } { if ($7 == "hacked@rightnow.com" && $9 == "") print $1 } ' | tr -d '*!' | postsuper -d -

Any thoughts as to how to delete them all at once? Right now I'm using watch every second with the above command to continuously clean them out.

Most of the entries in mail.log look like this.

Nov 15 16:10:48 iredmail amavis[14762]: (14762-20) Passed CLEAN {RelayedInternal}, MYUSERS LOCAL [93.155.167.200]:34002 [93.155.167.200] <hacked@rightnow.com> -> <someone@somedomain.com>, Queue-ID: 721F4339C41, Message-ID: <i8mbgl0c7lxwpejj894qk3dt.1656652937512@rightnow.com>, mail_id:UYcf-4SG-tbm, Hits: -2.9, size: 566, queued_as: 24075334D13, 2015 ms

The IP shown in not one of my IP addresses, but it appears in a lot of the outgoing mails in the log.

I'm guessing that everything is spooled right now, and they have to get into memory before I can delete them. Any help is appreciated.

Steve