Monday, April 10, 2006
Ticket in the support queue: “Hey, can't check my email since my account is overquota!”
Hey, I think someone clued in enough to know what the actual problem is! Wonderful! Okay, it's not wonderful that he's overquota due to spam, but it is wonderful because it's more than just “the Intarweb is broke!”
I log into the server, check his mail spool files. Yup, a couple of mailboxes are over 100M in size; one is over 200M. I run a script (which I wrote) that moves the spool file to a backup (and changes ownership of the spool so the space doesn't count against the customer) and creates an empty spool file. The backup is so that if there were any legitimate email (which, frankly, isn't likely in most cases, since these mailboxes are often not checked by the customers since they are unaware of the existance of said mailboxes, or forgot, or just don't care) we can retrieve them if necessary. So I run the script on the largest spool file.
After it runs, I check. 12K spool file, when it should be 0K. Check again. 42K. Check again, 63K. The spam is just pouring in. I check through the <shudder> control panel and yes, unless specified otherwise, all email for the customer's domain will end up in this mailbox. I change it to
/dev/null (the bit bucket) and check back with the spool file. 1.5M, less than two minutes.
Now, perhaps over an hour later, the spool file is 22M in size, and apparently, setting this mailbox to
/dev/null in the <shudder> control panel didn't work. I may have to link the spool file to