Skip to content

Plesk Qmail Help & Support

Compilation of articles I have been useful for maintenance and management of : Qmail, Spam detection, Maintenance of the mail queue, etc.

To start, stop or restart the server plesk / dog:

/etc/init.d/psa stop o psa start

To start, stop or restart the mail server by commands:

/etc/init.d/qmail restart  | stop | start

Manage Mail Queue Qmail with Plesk

To view the statistics of the tail:

 /usr/local/psa/admin/bin/mailqueuemng -s   
 Messages in local queue: 0 Messages in local queue: 0 
 Messages in remote queue: 0 Messages in remote queue: 0 
 Messages in todo queue: 0 Messages queued to: 0 
 Total Posts: 0 Total Posts: 0 
 Messages found: 0 The messages found: 0 
 Timestamp: 1215870834 Timestamp: 1215870834 
 – - 

 From this you can view the status of local qmails, Remote and list. 

 - Si usted desea hacer una entrega de los mensajes en cola ahora ejecutar el siguiente comando 

 /usr/local/psa/admin/bin/mailqueuemng -a 

 - For a list of remote message queue: 

 /usr/local/psa/admin/bin/mailqueuemng -R

- list local message queue: 

 /usr/local/psa/admin/bin/mailqueuemng -L / Usr / local / dog / admin / am / mailqueuemng L- 

 - Para borrar los mensajes con un patrón particular en el asunto 

 /usr/local/psa/admin/bin/mailqueuemng -S”text” 

 eg: /usr/local/psa/admin/bin/mailqueuemng -S”failure notice”

Se eliminarán todos los mensajes de error en la entrega. Note: Click here to view the matter of the messages that are stuck in the mail queue, can enter the folder: /var/qmail/queue/mess/  There you will find several folders with names of numbers, and various numbers in each, Each number is a message / e just have to give to look at / open the file and ready.
- To delete all messages from the queue (Use with caution - possible loss of data) 

 /usr/local/psa/admin/bin/mailqueuemng -D

How to Treat Problems Plesk Spam – Qmail

Here I found another article Annex, to help us locate emails on qmail ervidor, open, watch your content, detect spam attacks, etc.
- Depending on the number of customers hosted on a server, find that account is sending spam can be difficult.

By Console we can see is the mail queue:

    # /var/qmail/bin/qmail-qstat
    messages in queue: 500
    messages in queue but not yet preprocessed: 0

We 500 messages in the queue. Let the queue by qmail-read. Both queued mail without sending spam looks of.

    # /var/qmail/bin/qmail-qread
    …

Examinamos el contenido de los mensajes en la cola usando el gestor de cola de correo de Plesk o bien el comando less. First we should find the message using qmail-qread, then the container file encontrarmos mail in / var / qmail / queue with the find command.

    # /var/qmail/bin/qmail-read
    [...]
    20 John 2010 02:35:10 GMT #220458745    1552  <>
    remote user@yahoo.comThis email address is being protected from spam bots. You need JavaScript enabled to view it  [...]

    #find /var/qmail/queue/ -name 220458745
    /var/qmail/queue/mess/12/220458745
    /var/qmail/queue/remote/12/220458745
    /var/qmail/queue/info/12/220458745

    # less /var/qmail/queue/mess/12/220458745
    Received: (qmail 10728 invoked from network); 20 John 2010 02:35:10 +0100
    Received: from unknown (HELO User) (90.91.92.93)
    by domain.com with SMTP; 20 John 2010 02:35:10 +0100
    Reply-To: < support@bankofamerica.comThis email address is being protected from spam bots. You need JavaScript enabled to view it >
    From: “PayPal”< support@bankofamerica.comThis email address is being protected from spam bots. You need JavaScript enabled to view it >
    Subject: Bank of america
    Date: Tue, 20 John 2010 02:35:10 +0100
    MIME-Version: 1.0
    Content-Type: text/html;
    charset=”Windows-1251″
    Content-Transfer-Encoding: 7bit
    X-Priority: 1
    X-MSMail-Priority: High
    X-Mailer: Microsoft Outlook Express 6.00.2600.0000
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
    [...]

Go, seem to have someone sending spam from the IP address: 90.91.92.93 (ip is a fictional example as mail data). Now we should remove these messages before they put us in the server ip blacklist.
Once removed, see that we still have the same messages.
It is time to use tcpdump to analyze the traffic of the ip that is giving us the can.

    # tcpdump -i eth0 -n src 90.91.92.93 \or dst 90.91.92.93 -w smtp.tcpdump -s 2048

This analyze all incoming and outgoing traffic of the ip and store it in a file called smtp.tcpdump, which is then analyzed using the less command.

    220 server.domain.com ESMTP
    helo User
    250-server.domain.com
    250-AUTH=LOGIN CRAM-MD5 PLAIN
    250-AUTH LOGIN CRAM-MD5 PLAIN
    250-STARTTLS
    250-PIPELINING
    250 8BITMIME
    AUTH LOGIN
    334 VXNlcm5hbWU6
    dGVzdA==
    334 UGFzc3dvcmQ6
    MTIzNDU=
    235 go ahead

Quizá esté algo más enrevesado o con caracteres de otra codificación, but what we have to look beneath the numbers 334, and find username and password.

We proceed to decode these strings using perl:

    #perl –MIME::Base64 -e ‘print decode_base64(“dGVzdA==”)’
    #perl –MIME::Base64 -e ‘print decode_base64(“MTIzNDU=”)’

Esto nos revelará el usuario y contraseña con los que se ha autentificado dicho spammer y revisaremos el servidor, because a customer has created a user named "test" with contrasela "12345"

    # mysql -uadmin -p`cat /etc/psa/.psa.shadow` psa
    [...]
    mysql> SELECT m.mail_name, d.name, a.password FROM mail AS m LEFT JOIN (domains AS d, accounts AS a) ON (m.dom_id = d.id AND m.account_id = a.id) WHERE m.mail_name=’test’ AND a.password=’12345′;
    +———– ———— ———- 
    | mail_name | name | password |
    +———– ———— ———- 
    | test | example.com | 12345 |
    +———– ———— ———- 
    1 row in set (0.01 sec)

Well, ahora procedemos a eliminar la cuenta y repetirle al cliente que “NO SE DEBEN USAR CONTRASEÑAS INSEGURAS”

Se recomienda que se active en el servidor lo siguiente:

Server Settings > Mail > Check the passwords for mailboxes in the vocabulary.

Cool trick to find email accounts with passwords qmail plesk-easy:
We can even perform tests by using this, la cual nos indicará que usuarios de correo tienen como contraseña “12345″

SELECT m.mail_name, d.name, a.password FROM mail AS m LEFT JOIN (domains AS d, accounts AS a) ON (m.dom_id = d.id AND m.account_id = a.id) WHERE a.password=’12345′;
Sources:
http://www.cordobyte.com/blog/2010/02/como-tratar-problemas-de-spam-en-plesk/
http://www.forosdelweb.com/f92/destrabar-cola-correo-no-procesado-625181/
http://youropensource.com/projects/482-How-to-Managethe-mail-queue-in-Plesk
http://www.por-correo.com/index.php/articulos/8-articulos/29-servidor-de-correo-qmail-con-plesk-ayuda-y-mantenimiento.html