Clearing Postfix queue after a compromised account

Recently someone uploaded a malicious script to a customer's WordPress site. After tracking it down and removing it, there was still a ton of mail from random username@customer_domain.tld addresses sitting in the queue. To clean that up I found a command that removes every queued message associated with that user's domain. In my example I use customer_domain.tld, but you'd use whatever the FQDN is.
mailq | grep customer_domain.tld | awk '{print $1}' | sed -e 's/\*//g' | postsuper -d -

Likely there will be a lot of returned mail as well, so to clean that out you can use:
mailq | grep MAILER-DAEMON | awk '{print $1}' | sed -e 's/\*//g' | postsuper -d -

The spamming had gone on unnoticed by the customer for quite a while; the cleanup ended up running all night and removed over 1.5 million spam messages.

*I piped it through sed to remove the asterisk because some of the queue IDs in the mailq output had an asterisk appended to them; if you pipe those straight to postsuper -d, it comes back with an "ID not found" error.
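As an added example (this is my own helper, not a command from the post), the same job done a little more carefully: it reads the mailq output entry by entry, so a pattern is matched against the sender, every recipient and the deferral reason rather than only against the line that happens to carry the queue ID, and it strips both status markers Postfix appends to an ID (`*` for the active queue, `!` for hold) before handing the IDs to postsuper. The mailq sample at the bottom is constructed so the selector can be tried offline.

```shell
#!/bin/sh
# Added example (not from the original post). Selects Postfix queue entries
# by pattern from `mailq` / `postqueue -p` output and feeds the IDs to
# `postsuper -d -`. Matches on any line of an entry (sender, each
# recipient, deferral reason), skips the header/footer lines, and strips
# the status marker Postfix appends to the ID: '*' = active queue, '!' = hold.

# queue_ids_matching PATTERN : read mailq output on stdin, print matching IDs.
queue_ids_matching() {
    awk -v pat="$1" '
        /^-/ || /^Mail queue is empty/ { next }   # header, footer, empty-queue notice
        /^[0-9A-Za-z]+[*!]? / {                   # first line of an entry: ID + sender
            cur = $1; sub(/[*!]$/, "", cur); done = 0
        }
        cur != "" && !done && index($0, pat) { print cur; done = 1 }
    '
}

# purge_matching PATTERN : delete every queued message matching PATTERN.
# Needs root; postsuper -d - reads one queue ID per line from stdin.
purge_matching() {
    mailq | queue_ids_matching "$1" | postsuper -d -
}

# Constructed sample of mailq output for the offline demo below.
SAMPLE_MAILQ='-Queue ID-  --Size-- ----Arrival Time---- -Sender/Recipient-------
A1B2C3D4E5*     4096 Mon Jan  1 10:00:00  random123@customer_domain.tld
                                          victim@example.net
(connect to mx.example.net[192.0.2.10]:25: Connection refused)

F6A7B8C9D0!     2048 Mon Jan  1 10:05:00  MAILER-DAEMON
                                          random456@customer_domain.tld

1122334455      1024 Mon Jan  1 10:07:00  alice@example.org
                                          bob@example.com

-- 7 Kbytes in 3 Requests.'

# demo PATTERN : run the selector over the sample instead of the live queue.
demo() {
    printf '%s\n' "$SAMPLE_MAILQ" | queue_ids_matching "$1"
}
```

Run `demo customer_domain.tld` to see which IDs would be deleted before committing to `purge_matching`.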
