{"id":160,"date":"2011-11-24T10:22:00","date_gmt":"2011-11-24T10:22:00","guid":{"rendered":"http:\/\/pheonixsolutions.com\/?p=160"},"modified":"2011-11-24T10:22:00","modified_gmt":"2011-11-24T10:22:00","slug":"qmail-how-to-detect-spamming-in-qmail","status":"publish","type":"post","link":"https:\/\/pheonixsolutions.com\/blog\/qmail-how-to-detect-spamming-in-qmail\/","title":{"rendered":"qmail &#8211; how to detect spamming in qmail."},"content":{"rendered":"<div dir=\"ltr\" style=\"text-align: left;\" trbidi=\"on\">To get rid of spam on your Qmail mail server:<\/p>\n<p>Make sure that all domains have the Mail to nonexistent user option set to Reject.This option is available since Parallels Plesk Panel 7.5.3 and can be changed for all the domains using group operations: select the domains, click Modify Selected, in the Preferences section select Switch on for the Mail to nonexistent user option and select the Reject value for it.<\/p>\n<p>Make sure that there are no untrusted IP addresses or networks in the white list.To do this, go to Home > Mail Server Settings > White List tab. To remove untrusted IP addresses or networks, select them in the list and click Remove Selected.<br \/>Check how many messages there are in the Qmail queue with:<\/p>\n<p># \/var\/qmail\/bin\/qmail-qstat <br \/>messages in queue: 27645<br \/>messages in queue but not yet preprocessed: 82<\/p>\n<p>If there are too many messages in the queue, try to find out where the spam is coming from. If the mail is being sent by an authorized user, but not from a PHP script, you can find out which user sent most of the messages with the following command:<br \/># cat \/usr\/local\/psa\/var\/log\/maillog |grep -I smtp_auth |grep -I user |awk &#8216;{print $11}&#8217; |sort |uniq -c |sort -n<\/p>\n<p>Note that the SMTP authorization option should be enabled on the server to see these records. The path to maillog may be different depending the OS you use. <br \/>Use the qmail-qread utility to read the messages headers<\/p>\n<p>:# \/var\/qmail\/bin\/qmail-qread <br \/>18 Jul 2005 15:03:07 GMT #2996948 9073 <user@domain.com> bouncing<br \/>done remote user1@domain1.com<br \/>done remote user2@domain2.com<br \/>done remote user3@domain3.com<\/p>\n<p>The qmail-qread utility shows messages\u00e2\u20ac\u2122 senders and recipients. If a message has too many recipients, then it is most probably spam. <br \/>Try to find the message in the queue by it\u00e2\u20ac\u2122s ID (for example, the message ID is #1234567)<\/p>\n<p>:# find \/var\/qmail\/queue\/mess\/ -name 1234567<br \/>Look into the message and find the first from the end Received line. It is where the message was initially sent from. <\/p>\n<p>If you find something like:Received: <br \/>(qmail 19514 invoked by uid 12345); 10 Sep 2008 17:48:22 +0700 <br \/>it means that this message was sent via a CGI script by user with UID 12345. <\/p>\n<p>Use this UID to find a corresponding domain:<\/p>\n<p># <b>grep 12345 \/etc\/passwd <\/b><\/p>\n<p>Received lines like:Received: (qmail 19622 invoked from network); 10 Sep 2008 17:52:36 +0700 <br \/>Received: from external_domain.com (192.168.0.1)<br \/>mean that the message was accepted for delivery via SMTP and the sender is an authorized mail user. <\/p>\n<p>If Received line contains an UID of an apache user (for example invoked by uid 48), it means that the spam was sent via an PHP script. In this case you can try to find the spammer using information from the spam e-mails (from\/to addresses, subjects, etc). But usually to find the spam source is very hard in this case. If you are sure that some script is sending spam at the current moment (the queue grows very fast), you can use this little script to find out what PHP scripts are running in real-time:<\/p>\n<p># lsof +r 1 -p `ps axww | grep httpd | grep -v grep | awk \u00e2\u20ac\u02dc { if(!str) { str=$1 } else { str=str\u00e2\u20ac\u009d,\u00e2\u20ac\u009d$1}}END{print str}\u00e2\u20ac\u2122` | grep vhosts | grep php <\/p>\n<p>To try to find out from what folder the PHP script that sends mail was run, create \/var\/qmail\/bin\/sendmail-wrapper script with the following content:<\/p>\n<p>#!\/bin\/sh<br \/>(echo X-Additional-Header: $PWD ;cat) | tee -a \/var\/tmp\/mail.send|\/var\/qmail\/bin\/sendmail-qmail \u00e2\u20ac\u0153$@\u00e2\u20ac\u009d<\/p>\n<p>Note, the paths can slightly differ depending on your OS and Parallels Plesk Panel version.<\/p>\n<p>Create a log file \/var\/tmp\/mail.send and grant it a+rw rights, make the wrapper executable, rename old sendmail and link it to the new wrapper:<\/p>\n<p># touch \/var\/tmp\/mail.send<br \/># chmod a+rw \/var\/tmp\/mail.send<br \/># chmod a+x \/var\/qmail\/bin\/sendmail-wrapper<br \/># mv \/var\/qmail\/bin\/sendmail \/var\/qmail\/bin\/sendmail-qmail<br \/># ln -s \/var\/qmail\/bin\/sendmail-wrapper \/var\/qmail\/bin\/sendmail<br \/>Wait for about an hour and revert sendmail back:<br \/># rm -f \/var\/qmail\/bin\/sendmail<br \/># ln -s \/var\/qmail\/bin\/sendmail-qmail \/var\/qmail\/bin\/sendmail<\/p>\n<p>Examine the \/var\/tmp\/mail.send file. There should be lines starting with X-Additional-Header pointing out to domains\u00e2\u20ac\u2122 folders where the script that sends the mail is located.<\/p>\n<p>You can see all the folders where mail PHP scripts were run from with the following command:<\/p>\n<p># grep X-Additional \/var\/tmp\/mail.send | grep `cat \/etc\/psa\/psa.conf | grep HTTPD_VHOSTS_D | sed -e \u00e2\u20ac\u02dcs\/HTTPD_VHOSTS_D\/\/\u00e2\u20ac\u2122 `<\/user@domain.com><\/div>\n","protected":false},"excerpt":{"rendered":"<p>To get rid of spam on your Qmail mail server: Make sure that all domains have the Mail to nonexistent user option set to Reject.This option is available since Parallels Plesk Panel 7.5.3 and can be changed for all the domains using group operations: select the domains, click Modify Selected,&hellip; <a href=\"https:\/\/pheonixsolutions.com\/blog\/qmail-how-to-detect-spamming-in-qmail\/\" class=\"more-link read-more\" rel=\"bookmark\">Continue Reading <span class=\"screen-reader-text\">qmail &#8211; how to detect spamming in qmail.<\/span><i class=\"fa fa-arrow-right\"><\/i><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[],"class_list":{"0":"post-160","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"hentry","6":"category-uncategorized","7":"h-entry","9":"h-as-article"},"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Pheonix Solutions - We Empower Your Business Growth<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/pheonixsolutions.com\/blog\/qmail-how-to-detect-spamming-in-qmail\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Pheonix Solutions - We Empower Your Business Growth\" \/>\n<meta property=\"og:description\" content=\"To get rid of spam on your Qmail mail server: Make sure that all domains have the Mail to nonexistent user option set to Reject.This option is available since Parallels Plesk Panel 7.5.3 and can be changed for all the domains using group operations: select the domains, click Modify Selected,&hellip; Continue Reading qmail &#8211; how to detect spamming in qmail.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/pheonixsolutions.com\/blog\/qmail-how-to-detect-spamming-in-qmail\/\" \/>\n<meta property=\"og:site_name\" content=\"PHEONIXSOLUTIONS\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/PheonixSolutions-209942982759387\/\" \/>\n<meta property=\"article:published_time\" content=\"2011-11-24T10:22:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pheonixsolutions.com\/blog\/wp-content\/uploads\/2016\/09\/PX2.png\" \/>\n\t<meta property=\"og:image:width\" content=\"3837\" \/>\n\t<meta property=\"og:image:height\" content=\"2540\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@pheonixsolution\" \/>\n<meta name=\"twitter:site\" content=\"@pheonixsolution\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/qmail-how-to-detect-spamming-in-qmail\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/qmail-how-to-detect-spamming-in-qmail\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/#\\\/schema\\\/person\\\/0ffa33d73c869faec2d50e79c24e3503\"},\"headline\":\"qmail &#8211; how to detect spamming in qmail.\",\"datePublished\":\"2011-11-24T10:22:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/qmail-how-to-detect-spamming-in-qmail\\\/\"},\"wordCount\":745,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/#organization\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/qmail-how-to-detect-spamming-in-qmail\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/qmail-how-to-detect-spamming-in-qmail\\\/\",\"url\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/qmail-how-to-detect-spamming-in-qmail\\\/\",\"name\":\"Pheonix Solutions - We Empower Your Business Growth\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/#website\"},\"datePublished\":\"2011-11-24T10:22:00+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/qmail-how-to-detect-spamming-in-qmail\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/qmail-how-to-detect-spamming-in-qmail\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/qmail-how-to-detect-spamming-in-qmail\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"qmail &#8211; how to detect spamming in qmail.\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/\",\"name\":\"Pheonix Solutions\",\"description\":\"We Empower Your Business Growth\",\"publisher\":{\"@id\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/#organization\",\"name\":\"PheonixSolutions\",\"url\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/wp-content\\\/uploads\\\/2016\\\/12\\\/logo.png\",\"contentUrl\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/wp-content\\\/uploads\\\/2016\\\/12\\\/logo.png\",\"width\":454,\"height\":300,\"caption\":\"PheonixSolutions\"},\"image\":{\"@id\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/PheonixSolutions-209942982759387\\\/\",\"https:\\\/\\\/x.com\\\/pheonixsolution\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/#\\\/schema\\\/person\\\/0ffa33d73c869faec2d50e79c24e3503\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/09bacc0294abee1322a23ab4bc6a0330dd4cb4df707dc9d0b0efeba6c109608b?s=96&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/09bacc0294abee1322a23ab4bc6a0330dd4cb4df707dc9d0b0efeba6c109608b?s=96&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/09bacc0294abee1322a23ab4bc6a0330dd4cb4df707dc9d0b0efeba6c109608b?s=96&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"http:\\\/\\\/blog.pheonixsolutions.com\"],\"url\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/author\\\/admin\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Pheonix Solutions - We Empower Your Business Growth","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/pheonixsolutions.com\/blog\/qmail-how-to-detect-spamming-in-qmail\/","og_locale":"en_US","og_type":"article","og_title":"Pheonix Solutions - We Empower Your Business Growth","og_description":"To get rid of spam on your Qmail mail server: Make sure that all domains have the Mail to nonexistent user option set to Reject.This option is available since Parallels Plesk Panel 7.5.3 and can be changed for all the domains using group operations: select the domains, click Modify Selected,&hellip; Continue Reading qmail &#8211; how to detect spamming in qmail.","og_url":"https:\/\/pheonixsolutions.com\/blog\/qmail-how-to-detect-spamming-in-qmail\/","og_site_name":"PHEONIXSOLUTIONS","article_publisher":"https:\/\/www.facebook.com\/PheonixSolutions-209942982759387\/","article_published_time":"2011-11-24T10:22:00+00:00","og_image":[{"width":3837,"height":2540,"url":"https:\/\/pheonixsolutions.com\/blog\/wp-content\/uploads\/2016\/09\/PX2.png","type":"image\/png"}],"author":"admin","twitter_card":"summary_large_image","twitter_creator":"@pheonixsolution","twitter_site":"@pheonixsolution","twitter_misc":{"Written by":"admin","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/pheonixsolutions.com\/blog\/qmail-how-to-detect-spamming-in-qmail\/#article","isPartOf":{"@id":"https:\/\/pheonixsolutions.com\/blog\/qmail-how-to-detect-spamming-in-qmail\/"},"author":{"name":"admin","@id":"https:\/\/pheonixsolutions.com\/blog\/#\/schema\/person\/0ffa33d73c869faec2d50e79c24e3503"},"headline":"qmail &#8211; how to detect spamming in qmail.","datePublished":"2011-11-24T10:22:00+00:00","mainEntityOfPage":{"@id":"https:\/\/pheonixsolutions.com\/blog\/qmail-how-to-detect-spamming-in-qmail\/"},"wordCount":745,"commentCount":0,"publisher":{"@id":"https:\/\/pheonixsolutions.com\/blog\/#organization"},"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/pheonixsolutions.com\/blog\/qmail-how-to-detect-spamming-in-qmail\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/pheonixsolutions.com\/blog\/qmail-how-to-detect-spamming-in-qmail\/","url":"https:\/\/pheonixsolutions.com\/blog\/qmail-how-to-detect-spamming-in-qmail\/","name":"Pheonix Solutions - We Empower Your Business Growth","isPartOf":{"@id":"https:\/\/pheonixsolutions.com\/blog\/#website"},"datePublished":"2011-11-24T10:22:00+00:00","breadcrumb":{"@id":"https:\/\/pheonixsolutions.com\/blog\/qmail-how-to-detect-spamming-in-qmail\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/pheonixsolutions.com\/blog\/qmail-how-to-detect-spamming-in-qmail\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/pheonixsolutions.com\/blog\/qmail-how-to-detect-spamming-in-qmail\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/pheonixsolutions.com\/blog\/"},{"@type":"ListItem","position":2,"name":"qmail &#8211; how to detect spamming in qmail."}]},{"@type":"WebSite","@id":"https:\/\/pheonixsolutions.com\/blog\/#website","url":"https:\/\/pheonixsolutions.com\/blog\/","name":"Pheonix Solutions","description":"We Empower Your Business Growth","publisher":{"@id":"https:\/\/pheonixsolutions.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/pheonixsolutions.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/pheonixsolutions.com\/blog\/#organization","name":"PheonixSolutions","url":"https:\/\/pheonixsolutions.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/pheonixsolutions.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/pheonixsolutions.com\/blog\/wp-content\/uploads\/2016\/12\/logo.png","contentUrl":"https:\/\/pheonixsolutions.com\/blog\/wp-content\/uploads\/2016\/12\/logo.png","width":454,"height":300,"caption":"PheonixSolutions"},"image":{"@id":"https:\/\/pheonixsolutions.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/PheonixSolutions-209942982759387\/","https:\/\/x.com\/pheonixsolution"]},{"@type":"Person","@id":"https:\/\/pheonixsolutions.com\/blog\/#\/schema\/person\/0ffa33d73c869faec2d50e79c24e3503","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/09bacc0294abee1322a23ab4bc6a0330dd4cb4df707dc9d0b0efeba6c109608b?s=96&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/09bacc0294abee1322a23ab4bc6a0330dd4cb4df707dc9d0b0efeba6c109608b?s=96&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/09bacc0294abee1322a23ab4bc6a0330dd4cb4df707dc9d0b0efeba6c109608b?s=96&r=g","caption":"admin"},"sameAs":["http:\/\/blog.pheonixsolutions.com"],"url":"https:\/\/pheonixsolutions.com\/blog\/author\/admin\/"}]}},"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p7F4uM-2A","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/pheonixsolutions.com\/blog\/wp-json\/wp\/v2\/posts\/160","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pheonixsolutions.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pheonixsolutions.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pheonixsolutions.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/pheonixsolutions.com\/blog\/wp-json\/wp\/v2\/comments?post=160"}],"version-history":[{"count":0,"href":"https:\/\/pheonixsolutions.com\/blog\/wp-json\/wp\/v2\/posts\/160\/revisions"}],"wp:attachment":[{"href":"https:\/\/pheonixsolutions.com\/blog\/wp-json\/wp\/v2\/media?parent=160"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pheonixsolutions.com\/blog\/wp-json\/wp\/v2\/categories?post=160"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pheonixsolutions.com\/blog\/wp-json\/wp\/v2\/tags?post=160"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}