Log into Plesk panel.

Home >> Tools & Settings >> Server Management >> Services Management


There you can find the current MTA on the server.

Now, let's find the spammer in Qmail server.


How to find and stop spamming in Qmail server
?

To know the count of emails in qmail queue, we use the following command. It’s similar to exim -bpc in an exim mail server.

# /var/qmail/bin/qmail-qstat


It’ll list the count of emails in the queue. If the count is going high, then we can understand that there’s some sort of spamming on the server.


From just count, we’re unsure that from which account the spamming is happening. Now, we need to know from which domains the emails are arising. To know the details of emails that are in the queue, we use the following command:

# /var/qmail/bin/qmail-qread


This command is similar to exim -bp command in an exim mail server.


Next, we need to the know the email content of the queued emails. Only then we can confirm if it’s a spam email or not. For that we use:

# find /var/qmail/queue -name NNNN| xargs cat | less


Where NNNN is a 5 digit number.


This will give the email headers as well as the content of the message. By going through the headers we can identify if it’s sent from a PHP script or by compromising the email password. If you see “x-php script” in email headers, then it’s sent using PHP script.


If so, you can search the script by going to its document root and identify the particular script.

# cd /var/ww/vhosts/domain.com/httpdocs
# find ./* -iname "php script" 


Then you can identify the vulnerable script which is mass mailing from your account and you can remove it from the server. Yup, we completed “How to find and stop spamming in Qmail server,” next we need to remove them.

To remove spam emails from email queue in a Qmail server

Once we identified the spam script, we can remove it. Then we need to remove the entire spam emails from the queue. For that, we need to use the following commands:


First, stop qmail service on the server.

# service qmail stop


Then remove.

Then, use the following commands to remove emails from the queue:

#find /var/qmail/queue/mess -type f -exec rm {} \;
#find /var/qmail/queue/info -type f -exec rm {} \;
#find /var/qmail/queue/local -type f -exec rm {} \;
#find /var/qmail/queue/intd -type f -exec rm {} \;
#find /var/qmail/queue/todo -type f -exec rm {} \;
#find /var/qmail/queue/remote -type f -exec rm {} \;


Finally, start qmail service

# service qmail start
這篇文章有幫助嗎? 0 Users Found This Useful (0 Votes)