How to find spamming in Qmail server?

Here I’ll explain, in a few simple steps, how to find spamming on a Qmail server. Plesk has supported two MTAs since version 9, Postfix and Qmail. Only one of them runs at a time: either Postfix or Qmail. We can identify the currently running MTA from the Plesk panel.

Log in to the Plesk panel and go to Home >> Tools & Settings >> Server Management >> Services Management.

There you can find the current MTA on the server.

And now it’s time to find the spammer in Qmail server 🙂

To get the count of emails in the qmail queue, use the following command. It’s similar to exim -bpc on an Exim server.

# /var/qmail/bin/qmail-qstat

It lists the number of emails in the queue. If the count keeps climbing, that suggests some sort of spamming on the server.

The count alone doesn’t tell us which account the spam is coming from. Next, we need to know which domains the emails originate from. To see the details of the emails in the queue, use the following command:

# /var/qmail/bin/qmail-qread

This command is similar to the exim -bp command on an Exim server.

Next we need to know the content of the queued emails. Only then can we confirm whether it’s spam or not. For that we use:

# find /var/qmail/queue -name NNNN| xargs cat | less

Where NNNN is a 5-digit number.
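To see at a glance which sender is filling the queue, and which message numbers to pass to the find command above, the qmail-qread listing can be tallied per envelope sender. This is an added example, not part of the original post; the function names and the sample listing are constructed, and it assumes the usual qmail-qread layout (one line per message with date, #number, size and <sender>, followed by indented recipient lines).

```shell
#!/bin/sh
# Constructed sample of qmail-qread output; all addresses are made up.
sample_qread() {
cat <<'EOF'
12 Mar 2014 09:15:02 GMT  #48213  2310  <apache@web01.example.com>
        remote  a@example.net
12 Mar 2014 09:15:03 GMT  #48217  2298  <apache@web01.example.com>
        remote  b@example.org
12 Mar 2014 09:15:04 GMT  #48220  2305  <apache@web01.example.com>
        remote  c@example.net
12 Mar 2014 09:16:40 GMT  #48231  1184  <info@domain.com>
        remote  d@example.org
12 Mar 2014 09:17:11 GMT  #48240  3021  <>
        remote  e@example.net
EOF
}

# top_senders: read qmail-qread output on stdin and print "count sender",
# busiest sender first. An empty sender (<>) is a bounce message.
top_senders() {
    awk '$6 ~ /^#[0-9]+$/ {
             s = $8; gsub(/[<>]/, "", s)
             if (s == "") s = "(bounce)"
             n[s]++
         }
         END { for (s in n) print n[s], s }' | sort -k1,1nr -k2,2
}

# ids_for_sender SENDER: print the queue message numbers (the NNNN used with
# find) of every queued message whose envelope sender is SENDER.
ids_for_sender() {
    awk -v want="$1" '$6 ~ /^#[0-9]+$/ {
             s = $8; gsub(/[<>]/, "", s)
             if (s == want) print substr($6, 2)
         }'
}

# Demo on the constructed sample. On a live server, pipe the real listing:
#   /var/qmail/bin/qmail-qread | top_senders
sample_qread | top_senders
sample_qread | ids_for_sender apache@web01.example.com
```

A sender such as the web server user (apache@... in the sample) at the top of the list points towards a script on a site rather than a mailbox.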

This shows the email headers as well as the content of the message. By going through the headers we can tell whether it was sent from a PHP script or by compromising the email password. If you see “x-php script” in the email headers, then it was sent using a PHP script.

If so, you can search for the script by going to the domain’s document root and identifying the particular script.

# cd /var/www/vhosts/domain.com/httpdocs
# find ./* -iname "php script"

Then you can identify the vulnerable script which is mass mailing from your account and you can remove it from the server.

How to remove spam emails from email queue in a Qmail server?

Yeah, once we’ve identified the spam script, we can remove it. Then we need to remove the spam emails from the queue. For that we can use the following commands:

Stop the qmail service on the server.

# service qmail stop

Then, use the following commands to remove emails from the queue. Note that they delete every queued message, not only the spam:

# find /var/qmail/queue/mess -type f -exec rm {} \;
# find /var/qmail/queue/info -type f -exec rm {} \;
# find /var/qmail/queue/local -type f -exec rm {} \;
# find /var/qmail/queue/intd -type f -exec rm {} \;
# find /var/qmail/queue/todo -type f -exec rm {} \;
# find /var/qmail/queue/remote -type f -exec rm {} \;

Finally, start the qmail service:

# service qmail start

yay!! That’s it!!

Heba Habeeb

Working as a Linux Server Admin, Infopark, Cochin, Kerala.
