What's the FASTEST way to filter postqueue mails by sender IP address?

1

I maintain a mail server used by hundreds of customers. Now and then a customer gets infected by a virus and starts sending tons of spam email. I primarily notice this because it fills the post queue with tens of thousands of pending mails, rather than a couple of hundred.

Finding the spam sender's IP address and blocking it is simple, but I still have tens of thousands of spam emails in the mail queue, often with different sender addresses.

When I print the post queue using postqueue -p it displays the mail ID, the sender email address and all recipients. It doesn't display the IP of the sender.

I can find the sender IP of a mail by running:

postcat -q ABCDEF1234 | egrep "\\bclient_address="

Where "ABCDEF1234" is the mail ID.

I wrote a tool that lists all mail IDs, then loops through them running postcat -q on each one and filtering away those that don't match the input ID.

This works, but it's extremely slow. Filtering a post queue with 441 emails takes 7-8 seconds. If I'm trying to filter a spam-filled post queue with tens of thousands of mails, this tool is going to be useless.

My hope is that there is some tool or flag I don't know about that lets me filter by sender IP address.


I'm running Postfix 2.10

Hubro

Posted 2017-05-28T05:26:07.493

Reputation: 4 846

No answers
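Added example, not part of the original post: rather than spawning postcat -q once per mail, this Python sketch reads the head of each queue file directly and compares the client_address attribute exactly, so 192.0.2.1 does not also match 192.0.2.10. The record layout described in the comments, the queue directory names and the HEAD_BYTES bound are assumptions about Postfix queue files rather than anything stated on the page; all function names are hypothetical, and the spool must be readable by the user running it (normally root).

```python
import os
import sys

# Assumed layout: each record is one type byte, a base-128 length (7 bits per
# byte, low group first, high bit = more follows), then the payload. Type "A"
# records hold "name=value" attributes; type "M" starts the message content.
HEAD_BYTES = 65536  # assumed to be enough to cover the envelope records

def iter_records(data):
    pos = 0
    while pos < len(data):
        rtype, pos = chr(data[pos]), pos + 1
        length = shift = 0
        while pos < len(data):
            byte, pos = data[pos], pos + 1
            length |= (byte & 0x7F) << shift
            shift += 7
            if not byte & 0x80:
                break
        else:
            return  # ran out of data inside the length field
        if pos + length > len(data):
            return  # payload cut off by HEAD_BYTES or a partial write
        yield rtype, data[pos:pos + length]
        pos += length

def client_address(data):
    key = b"client_address="
    for rtype, payload in iter_records(data):
        if rtype == "M":  # envelope is over, stop before the message body
            break
        if rtype == "A" and payload.startswith(key):
            return payload[len(key):].decode("ascii", "replace")
    return None

def queue_ids_from(spool, ip, queues=("incoming", "active", "deferred", "hold")):
    ids = []
    for queue in queues:
        for root, _dirs, files in os.walk(os.path.join(spool, queue)):
            for name in files:  # the file name is the queue ID
                try:
                    with open(os.path.join(root, name), "rb") as fh:
                        head = fh.read(HEAD_BYTES)
                except OSError:
                    continue  # mail moved or was delivered during the scan
                if client_address(head) == ip:
                    ids.append(name)
    return sorted(ids)

if __name__ == "__main__":  # usage: <spool directory> <client IP>
    print("\n".join(queue_ids_from(sys.argv[1], sys.argv[2])))
```

The printed queue IDs can be fed to postsuper -h - (hold) or postsuper -d - (delete), both of which read IDs from standard input.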