# Qmail spam prevention
Start Qmail
/etc/init.d/qmail start
/etc/init.d/xinetd start
Stop Qmail
/etc/init.d/qmail stop
/etc/init.d/xinetd stop
The server is overloaded with SPAM. There are many messages in queue. Mail is delivered slowly.
ftp://download1.swsoft.com/Plesk/Plesk9.2/Doc/en-US/plesk-9.0-unix-advanced-administration-guide/index.htm?fileName=61674.htm
Many email messages are sent from PHP scripts on the server. How can I find what domains these scripts are running on?
http://kb.swsoft.com/article_22_1711_en.html
Qmail var log location
/usr/local/psa/var/log/maillog
View the log in realtime
tail -f /usr/local/psa/var/log/maillog
Check qmail queue size
/var/qmail/bin/qmail-qstat
### qmHandle
Install qmhandle
wget http://jaist.dl.sourceforge.net/sourceforge/qmhandle/qmhandle-1.3.2.tar.gz
tar xvzf qmhandle-1.3.2.tar.gz
chmod 755 qmhandle-1.3.2/qmHandle
Edit the file, uncomment the following lines, and comment out the default version
#my ($stopqmail) = '/etc/init.d/qmail stop';
#my ($startqmail) = '/etc/init.d/qmail start';
Then move it to /usr/local/sbin/
mv qmhandle-1.3.2/qmHandle /usr/local/sbin/qmHandle
Show current queue stats:
qmHandle -s
List messages in the mail queue:
qmHandle -l
Get extended info about the Queue.
/usr/local/sbin/qmHandle -l -c
List messages in the mail queue while counting how many have the same subject:
qmHandle -l|grep Subject|sort| uniq -c|sort -n
List SMTP authorized senders from mail log and count how many emails they've sent:
cat /usr/local/psa/var/log/maillog |grep -I smtp_auth | grep -I 'SMTP user' | awk '{print $8}' | sort |uniq -c |sort -n
List IP Addresses that have failed SMTP authentication and count them
cat /usr/local/psa/var/log/maillog | grep -I smtp_auth | grep -I FAILED | awk '{print $13}' | sort | uniq -c | sort -n
Read a message in the queue:
qmHandle -m123456789
Delete a message based on subject:
qmHandle -S'failure notice'
qmHandle -S'Order Tracking'
qmHandle -S'Tracking Service'
qmHandle -S'Shipping Detail'
qmHandle -S'Order Detail'
qmHandle -S'Shipping Info'
qmHandle -S'Shipping Information'
qmHandle -S'Order Shipped'
qmHandle -S'Order Information'
qmHandle -S'Shipping Service'
qmHandle -S'Tracking Detail'
qmHandle -S'Tracking Info'
qmHandle -S'Tracking Information'
Queue up several subjects for deletion
qmHandle -S'failure notice' ; qmHandle -S'Order Tracking' ; qmHandle -S'Tracking Service'
Delete specific spam emails by matching a string in their headers:
qmHandle -H'smilesbymartin.com'
qmHandle -H'federalwaydentist.net'
qmHandle -H'bbjp.net'
qmHandle -H'periozone.com'
To delete the entire Queue (pretty slow if it's huge)
qmHandle -D
To delete the entire Queue as files then start qmail back up (probably faster)
service qmail stop && find /var/qmail/queue/{mess,intd,local,remote,todo,info}/ -type f -exec rm {} \; && service qmail start
Look through the queue to see if there are any more obviously bogus addresses:
/var/qmail/bin/qmail-qread | less
### Find incoming vector
These should help you find which account(s) are being used.
cat /usr/local/psa/var/log/maillog | grep "smtp_auth"
cat /usr/local/psa/var/log/maillog | grep "spammer's IP"
cat /usr/local/psa/var/log/maillog | grep "202.64.64.68"
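Rebuild the Plesk mail configuration, skipping the SpamAssassin settings
/usr/local/psa/admin/sbin/mchk --without-spam
Watch which PHP scripts under vhosts the running httpd processes have open (repeats every second)
lsof +r 1 -p `ps axww | grep httpd | grep -v grep | awk ' { if(!str) { str=$1 } else { str=str","$1}}END{print str}'` | grep vhosts | grep php
Turn off the mail service for a domain
/usr/local/psa/bin/mail --off roadsidemultimedia.com
Drop all traffic from an offending IP address
sudo iptables -I INPUT -s 88.2.145.216 -j DROP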
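The smtp_auth one-liners above count logins and failures separately. This added example (not part of the original notes) correlates them to point at a likely compromised account: accounts that log in from several distinct IPs, and IPs that failed authentication before logging in. The log layout is an assumption chosen to match the awk fields used above ($8 = account, $13 = IP on FAILED lines, client IP last on a successful login); the sample lines, accounts and function names are constructed.

```sh
#!/bin/sh
# Added example, not part of the original notes. Assumed maillog layout (matches
# the awk fields used above): $8 = account on "SMTP user" lines, $13 = [IP] on
# FAILED lines, and the client [IP] is the last field of a successful login.

# Accounts that authenticated from at least MIN distinct IPs: "account ips logins"
suspect_accounts() {  # usage: suspect_accounts LOGFILE MIN
    awk -v min="$2" '
        /smtp_auth/ && /SMTP user/ {
            ip = $NF; gsub(/\[|\]/, "", ip)
            logins[$8]++
            if (!seen[$8 SUBSEP ip]++) ips[$8]++
        }
        END { for (u in ips) if (ips[u] >= min) print u, ips[u], logins[u] }
    ' "$1" | sort
}

# IPs that failed authentication and then logged in: "ip failures account"
guessed_logins() {  # usage: guessed_logins LOGFILE
    awk '
        /smtp_auth/ && /FAILED/ { ip = $13; gsub(/\[|\]/, "", ip); failed[ip]++ }
        /smtp_auth/ && /SMTP user/ {
            ip = $NF; gsub(/\[|\]/, "", ip)
            if (failed[ip] > 0 && !shown[ip SUBSEP $8]++) print ip, failed[ip], $8
        }
    ' "$1"
}

# Constructed sample lines (documentation IP ranges, made-up accounts and host).
sample_log() {
    cat <<'EOF'
Mar  3 10:00:01 mx1 smtp_auth: SMTP user bob@example.com : /var/qmail/mailnames/example.com/bob logged in from unknown@host [192.0.2.10]
Mar  3 10:06:40 mx1 smtp_auth: FAILED: root - password incorrect from unknown@host [203.0.113.77]
Mar  3 11:00:00 mx1 smtp_auth: FAILED: alice - password incorrect from unknown@host [198.51.100.7]
Mar  3 11:00:02 mx1 smtp_auth: FAILED: alice - password incorrect from unknown@host [198.51.100.7]
Mar  3 11:00:05 mx1 smtp_auth: SMTP user alice@example.com : /var/qmail/mailnames/example.com/alice logged in from unknown@host [198.51.100.7]
Mar  3 11:02:10 mx1 smtp_auth: SMTP user alice@example.com : /var/qmail/mailnames/example.com/alice logged in from unknown@host [203.0.113.5]
Mar  3 11:02:30 mx1 smtp_auth: SMTP user alice@example.com : /var/qmail/mailnames/example.com/alice logged in from unknown@host [203.0.113.9]
Mar  3 11:03:00 mx1 smtp_auth: SMTP user alice@example.com : /var/qmail/mailnames/example.com/alice logged in from unknown@host [198.51.100.7]
EOF
}

# Demo on the sample; on the server pass /usr/local/psa/var/log/maillog instead.
tmp=$(mktemp) && sample_log > "$tmp"
suspect_accounts "$tmp" 3
guessed_logins "$tmp"
rm -f "$tmp"
```

An account flagged by either function is a candidate for a password reset, and the reported IPs are candidates for the iptables DROP rule shown above.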