We help IT Professionals succeed at work.

Disk is almost full due to /var/mailcleaner/spam/ folder

Dear All,

In the past few weeks, I noticed the mailcleaner gateway was being targeted with bruteforce and spam attacks from Russia and Iran, I deployed country block plugin on my firewall and blocked entire CIDR for both Russia and Iran and kept an eye on Mailcleaner for any attacks with authentication attempts.

Since then, I noticed the mailcleaner disk has went up from 25% to 76% with the path /var/mailcleaner/spam/ and all domains included full of spam files with size up to 35 GB.

I have few questions to clean some space and prior to that also.

Are those spam files ?
Are they released or not?
Is it safe to delete them?

Thank you
Comment
Watch Question

David FavorFractional CTO
Distinguished Expert 2019

Commented:
Based on docs, these files seem to be the files used to build up intelligence differentiating Ham (good) + Spam (bad) mail.

It appears deleting these files may destroy all intelligence developed thus far, so intelligence building must start from scratch.

Suggestion: Likely best to open a MailCleaner support ticket + ask their advice.

Also, in your ticket ask them how to use zstd to compress all these files, which for pure text like this... may recover 90%+ of your disk space.
David FavorFractional CTO
Distinguished Expert 2019

Commented:
Aside: https://www.phoronix.com/scan.php?page=news_item&px=Linux-5.1-Btrfs-Changes provides another avenue of research.

My guess is many people will start using this approach, as a solution for the same situation you describe.

When Ubuntu Focal releases in a few weeks, Kernel 5.5 is set to ship, which includes BTRFS + ZSTD filesystems, which solves the many files + compression problem common across many projects.
Mohammed HamadaSenior IT Consultant

Author

Commented:

Hi David, I am not sure how to do so honestly especially if like you said this folder has such an important data that could be used to deter spam. 


Since this is production server I want to be very careful in dealing with it and extending the current drive would suffice for me, I can try other options in a lab. 


From the terminal I can see that /dev/sda3 is almost full! on the hypervisor I already added 100GB more now I wonder if it's possible to reflect this on the sda3?


Thank you

David FavorFractional CTO
Distinguished Expert 2019

Commented:
Since the docs are a bit unclear about if this data is required or not...

Best you open a ticket with MailCleaner support, as I suggested above.

Also, I should have thought of this before, in your ticket, ask them how to best compress these files.

Most systems systems allow saving files like this as compressed data, like .zip or .gzip files.

If you can just replumb your system to save .zstd files, this may be sufficient enough to solve your problem for now.

Suggestion: For your Hypervisor disk question, best open another question about this... with a title clearly related to this...

You'll have comments from the best Hypervisor people, if you take this approach.
Senior IT Consultant
Commented:

Hi David, 

I created a question in the mailcleaner forum and they suggested to lower the quarantine and spam retention which I have increased in the past to 90 days.


After decreasing the retention value, it took about 12 hours and the disk went to 50% of space. 

I guess that should be enough for now but I will try your suggestion with re plumbing the system to save in zstd format. 

Thank you


David FavorFractional CTO
Distinguished Expert 2019

Commented:
Glad you found a solution!

And yes, ask on the forum how to plumb in zstd, as the compress/decompress speed is amazing + the compression ratio is better than even XZ.