
Identify Spam Activity in Plesk (Qmail) Server


How to Identify Spam Activity in Plesk (Qmail)

This post helps you identify spam activity on a Plesk server that uses Qmail. Plesk supports two Mail Transfer Agents (MTAs): Postfix and Qmail. Newer versions of Plesk are installed with the Postfix mail server by default.

I have already written a post about useful Qmail commands; you may want to read it before proceeding. To identify the spam source in Plesk, follow the steps below.

1. Create /var/qmail/bin/sendmail-wrapper script:

You can use your favourite editor to create the script. I am using VIM here.

  • vim /var/qmail/bin/sendmail-wrapper

Add the following to it.

  • #!/bin/sh
  • (echo "X-Additional-Header: $PWD"; cat) | tee -a /var/tmp/mail.send | /var/qmail/bin/sendmail-qmail "$@"

2. Create a log file

  • touch /var/tmp/mail.send
  • chmod a+rw /var/tmp/mail.send

3. Set the executable permission for the wrapper script

  • chmod a+x /var/qmail/bin/sendmail-wrapper

4. Rename the original sendmail binary to sendmail-qmail and link sendmail to the wrapper script

  • mv /var/qmail/bin/sendmail /var/qmail/bin/sendmail-qmail
  • ln -s /var/qmail/bin/sendmail-wrapper /var/qmail/bin/sendmail

Wait for some time (10 minutes to 60 minutes) and check the log file /var/tmp/mail.send. Then restore the original sendmail binary:

  • rm -f /var/qmail/bin/sendmail
  • mv /var/qmail/bin/sendmail-qmail /var/qmail/bin/sendmail

To find the spam originating directory, run the following command:

  • grep X-Additional /var/tmp/mail.send | grep `cat /etc/psa/psa.conf | grep HTTPD_VHOSTS_D | sed -e 's/HTTPD_VHOSTS_D//' `

The above command shows the directories from which the spam originates, that is, the directories containing the problematic PHP script.
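
To rank the logged directories by how many messages each one sent, the following added example (not part of the original article) counts the wrapper's X-Additional-Header lines per directory. The function names, the default vhosts root /var/www/vhosts and the sample log are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: rank the directories recorded by the sendmail wrapper.
# Usage: top_senders LOGFILE [VHOSTS_ROOT]
# VHOSTS_ROOT defaults to /var/www/vhosts (assumption; on a live server use
# the HTTPD_VHOSTS_D value from /etc/psa/psa.conf, as the article's grep does).
top_senders() {
    log=$1
    root=${2:-/var/www/vhosts}
    # Keep only the wrapper's header lines, drop the header name, keep paths
    # under the vhosts root, and count how often each directory appears.
    sed -n 's/^X-Additional-Header: //p' "$log" |
        awk -v root="$root" '
            index($0, root "/") == 1 { n[$0]++ }
            END { for (d in n) printf "%d %s\n", n[d], d }' |
        sort -k1,1nr -k2
}

# Constructed sample of what /var/tmp/mail.send could contain (not real data).
make_sample_log() {
    cat > "$1" <<'EOF'
X-Additional-Header: /var/www/vhosts/example.com/httpdocs/wp-content/uploads
To: a@example.net
Subject: constructed message 1

body
X-Additional-Header: /var/www/vhosts/example.org/httpdocs
To: b@example.net
Subject: constructed contact form mail

body
X-Additional-Header: /var/www/vhosts/example.com/httpdocs/wp-content/uploads
To: c@example.net

body
X-Additional-Header: /root
To: root@localhost

cron output
X-Additional-Header: /var/www/vhosts/example.com/httpdocs/wp-content/uploads
To: d@example.net

body
EOF
}

if [ $# -gt 0 ]; then
    top_senders "$@"
else
    sample=$(mktemp); make_sample_log "$sample"; top_senders "$sample"; rm -f "$sample"
fi
```

A directory that normally sends no mail (an uploads or cache folder, for example) appearing at the top of the ranking is the first place to look for the problematic script.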

That’s it!


Copyright © 2022 TheGigabit. All right reserved. Reg.No: 200701034297 (792326-P)