Identify spamming and take necessary actions!!

How do you find and stop spamming on a Qmail server? Here I’ll explain, in a few simple steps, how to find spamming on a Qmail server. Plesk has supported two MTAs since version 9: Postfix and Qmail.

Only one of them runs at a time, which means either Postfix or Qmail. We can identify the currently running MTA from the Plesk panel.

  1. Log in to the Plesk panel.
  2. Go to Home >> Tools & Settings >> Server Management >> Services Management.

There you can find the current MTA on the server.

And now it’s time to find the spammer on the Qmail server 🙂 Okay, let’s move on to the topic.

How to find and stop spamming in Qmail server?

To get the number of emails in the Qmail queue, use the following command. It’s similar to exim -bpc on an Exim mail server.

# /var/qmail/bin/qmail-qstat

It lists the number of emails in the queue. If the count is growing high, that indicates some sort of spamming on the server.

The count alone does not tell us which account the spam is coming from. Next, we need to know which domains the emails originate from. To see the details of the emails in the queue, use the following command:

# /var/qmail/bin/qmail-qread

This command is similar to the exim -bp command on an Exim mail server.
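
As an added example (not part of the original post), the shell functions below summarise qmail-qread output by envelope sender and by sender domain, so the account behind a growing queue stands out. The function names and the sample queue are constructed for illustration; the sample assumes the usual qmail-qread layout of one header line per message followed by indented recipient lines.

```shell
#!/bin/sh
# Added example (not from the original post): summarise the qmail queue
# by envelope sender so the noisiest account or domain stands out.

# queue_senders: read qmail-qread output on stdin and print one envelope
# sender per queued message. Message lines start in column 1, e.g.
#   26 Feb 2014 10:12:13 GMT  #1234567  2345  <user@example.com>
# Recipient lines (remote/local/done) are indented and are skipped.
queue_senders() {
    awk '
        /^[^ \t].*#[0-9]+ / && match($0, /<[^>]*>/) {
            s = substr($0, RSTART + 1, RLENGTH - 2)
            # an empty envelope sender <> is a bounce message
            print (s == "" ? "(bounce)" : tolower(s))
        }'
}

# count_desc: collapse identical lines into "count value", highest first.
count_desc() {
    sort | uniq -c | sort -k1,1nr -k2,2 | awk '{ print $1, $2 }'
}

top_senders() { queue_senders | count_desc; }
top_domains() { queue_senders | sed 's/^.*@//' | count_desc; }

# Constructed sample in qmail-qread format (not real queue data).
sample_queue() {
    cat <<'EOF'
26 Feb 2014 10:12:13 GMT  #1234567  2345  <apache@shop.example.com>
  remote  a@example.net
26 Feb 2014 10:12:14 GMT  #1234568  2349  <apache@shop.example.com>
  remote  b@example.net
26 Feb 2014 10:12:15 GMT  #1234569  2351  <Apache@shop.example.com>
  remote  c@example.net
26 Feb 2014 10:13:02 GMT  #1234570  811  <info@blog.example.org>
  local  admin@example.org
26 Feb 2014 10:14:40 GMT  #1234571  4100  <>
  done  remote  d@example.net
EOF
}

# On a live server: /var/qmail/bin/qmail-qread | top_senders
sample_queue | top_domains
```

The message numbers after the # sign in each header line are the values to use for NNNN when inspecting a single queued message.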

Next we need to know the content of the queued emails. Only then can we confirm whether an email is spam or not. For that we use:

# find /var/qmail/queue -name NNNN | xargs cat | less

Where NNNN is a 5-digit number.

This shows the email headers as well as the content of the message. By going through the headers, we can identify whether it was sent from a PHP script or by compromising the email password. If you see “x-php script” in the email headers, then it was sent using a PHP script.

If so, you can search for the script by going to the domain’s document root and identifying the particular script.

# cd /var/www/vhosts/domain.com/httpdocs
# find ./* -iname "php script"

Then you can identify the vulnerable script that is mass mailing from your account and remove it from the server. Yup, we have completed “How to find and stop spamming in Qmail server”; next we need to remove the spam emails.

How to check spamming on server which has Exim MTA?

Electronic spamming is the use of electronic messaging systems to send unsolicited messages (spam), especially advertising, as well as sending messages repeatedly on the same site.

It happens in many ways on a mail server. Spamming is one of the most common and frequent problems in the web hosting industry. Spamming can cause your server’s IPs to be blocked at different RBLs if any account on your server sends multiple spam emails.

How to remove spam emails from email queue in a Qmail server?

Yeah, once we have identified the spam script, we can remove it. Then we need to remove all the spam emails from the queue. For that we can use the following commands:

First, stop the qmail service on the server.

# service qmail stop

Then use the following commands to remove the emails from the queue. They delete every message in the queue, not only the spam:

# find /var/qmail/queue/mess -type f -exec rm {} \;
# find /var/qmail/queue/info -type f -exec rm {} \;
# find /var/qmail/queue/local -type f -exec rm {} \;
# find /var/qmail/queue/intd -type f -exec rm {} \;
# find /var/qmail/queue/todo -type f -exec rm {} \;
# find /var/qmail/queue/remote -type f -exec rm {} \;

Finally, start the qmail service:

# service qmail start

yay!! That’s it!!