SMTP Spamming
If the spammer is sending emails using SMTP (not PHP or Perl scripts), you can run the command below to find the users sending large numbers of emails:
[bash]
grep -I smtp_auth /usr/local/psa/var/log/maillog | grep -I user | awk '{print $11}' | sort | uniq -c | sort -n
[/bash]
PHP Script Spamming
Create a /var/qmail/bin/sendmail-wrapper script with the contents below:
[bash]
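#!/bin/sh
# Prepend the caller's working directory as a header, log the message, then hand it to the real sendmail
(echo "X-Additional-Header: $PWD"; cat) | tee -a /var/log/mail.send | /var/qmail/bin/sendmail-qmail "$@"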
[/bash]
Create the log file /var/log/mail.send with write permissions. Make the wrapper executable, rename the old sendmail binary, and link sendmail to the wrapper:
[bash]
touch /var/log/mail.send
chmod a+rw /var/log/mail.send
chmod a+x /var/qmail/bin/sendmail-wrapper
mv /var/qmail/bin/sendmail /var/qmail/bin/sendmail-qmail
ln -s /var/qmail/bin/sendmail-wrapper /var/qmail/bin/sendmail
[/bash]
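Now all mail sent from PHP scripts will be logged in /var/log/mail.send. Each message is preceded by an X-Additional-Header line giving the directory the script was run from. The wrapper logs every message in full, and the log file is readable and writable by all local users. To list the header lines that point under the vhosts directory, run: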
[bash]
grep X-Additional /var/log/mail.send | grep `cat /etc/psa/psa.conf | grep HTTPD_VHOSTS_D | sed -e 's/HTTPD_VHOSTS_D//' `
[/bash]
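The grep above lists every matching header line. To see which directory or site sends the most mail, the lines can be counted, as in this added example (not part of the original post). The function names, the sample log and the /var/www/vhosts root are assumptions made for illustration; on a real server pass the HTTPD_VHOSTS_D value from /etc/psa/psa.conf.

```shell
#!/bin/sh
# Added example: rank the directories and sites recorded by the wrapper's
# X-Additional-Header lines. All function names here are hypothetical.

# wrapper_dirs LOGFILE VHOSTS_ROOT
# Print the directory from each header line that lies under VHOSTS_ROOT.
wrapper_dirs() {
    awk -v root="${2%/}/" '
        index($0, "X-Additional-Header: ") == 1 {
            dir = substr($0, length("X-Additional-Header: ") + 1)
            if (index(dir, root) == 1) print dir
        }' "$1"
}

# rank: read lines on stdin, print "COUNT<TAB>LINE", highest count first.
rank() {
    sort | uniq -c | sort -k1,1nr -k2 |
        awk '{ n = $1; sub(/^ *[0-9]+ /, ""); print n "\t" $0 }'
}

# top_dirs LOGFILE VHOSTS_ROOT: messages per script directory.
top_dirs() {
    wrapper_dirs "$1" "$2" | rank
}

# top_sites LOGFILE VHOSTS_ROOT: messages per site (first path component
# below the vhosts root).
top_sites() {
    wrapper_dirs "$1" "$2" | awk -v root="${2%/}/" '
        { rest = substr($0, length(root) + 1); sub(/\/.*/, "", rest); print rest }' | rank
}

# make_sample_log FILE: write a constructed log for trying the functions.
make_sample_log() {
    cat > "$1" <<'EOF'
X-Additional-Header: /var/www/vhosts/example.com/httpdocs/wp-content/uploads
To: a@example.net

constructed message body
X-Additional-Header: /var/www/vhosts/example.com/httpdocs/wp-content/uploads
X-Additional-Header: /var/www/vhosts/example.com/httpdocs/wp-content/uploads
X-Additional-Header: /var/www/vhosts/example.org/httpdocs/contact
X-Additional-Header: /var/www/vhosts/example.org/httpdocs/contact
X-Additional-Header: /var/www/vhosts/example.com/httpdocs
X-Additional-Header: /root
EOF
}
```

Because the wrapper logs whole messages, a message body that itself contains a line starting with X-Additional-Header: is counted too, so treat the totals as a pointer to where to look rather than an exact count.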