ok - but help me here.....

let's say we find a spammer who is in the process of using a compromised account. he's authenticated from one or more ip addresses and is actively sending.

we change the account password (and suspend the account?).

how do we shut down the active sending sessions?

If you have 6.9d-17
    change the password and then issue the command:
    tellmail delete_contains user@xyz.com

I can send you a new build if you let me know what platform.


ChrisP.

david camm
advanced web systems
keller, tx


On 5/10/2015 4:18 PM, Surgemail Support wrote:

On 5/8/2015 4:27 PM, Frank Bulk wrote:

HTML clipboard

Chris,

Thanks, I’m glad to hear about these improvements.

Just to be clear, when you write “changing the password on an account will also abort any existing 'smtp' sesssions so sending cannot continue” you mean any _incoming_ SMTP traffic for that account will be aborted, not any outgoing messages that were already submitted into the outbound queue, correct?  If so, that would be my desired and preferred behavior.

Yes it will abort the incoming connections only.

Will the “delete_contains” match up with the SMTP AUTH user?  I know that idx messages that are in the outbound queue have this in the Surgemail “header”:

user: <email address>

Will “delete_contains” match on that?

Yes.
    ChrisP.