To start, stop or restart the mail server by commands:
/etc/init.d/qmail restart | stop | start
Manage Mail Queue Qmail with Plesk
To view the statistics of the tail:
/usr/local/psa/admin/bin/mailqueuemng -s
Messages in local queue: 0 Messages in local queue: 0
Messages in remote queue: 0 Messages in remote queue: 0
Messages in todo queue: 0 Messages queued to: 0
Total Posts: 0 Total Posts: 0
Messages found: 0 The messages found: 0
Timestamp: 1215870834 Timestamp: 1215870834
– –
From this you can view the status of local qmails, Remote and list.
– If you want to make a delivery of queued messages now run the following command
/usr / local / psa / admin / bin / mailqueuemng to
– For a list of remote message queue:
/usr/local/psa/admin/bin/mailqueuemng -R
– list local message queue:
/usr/local/psa/admin/bin/mailqueuemng -L / Usr / local / dog / admin / am / mailqueuemng L-
– To delete messages with a particular pattern in Case
/usr/local/psa/admin/bin/mailqueuemng -S”text”
eg: /usr/local/psa/admin/bin/mailqueuemng -S”failure notice”
All error messages are deleted in the delivery. Note: Click here to view the matter of the messages that are stuck in the mail queue, can enter the folder: /var / qmail / queue / mess / There you will find several folders with names of numbers, and various numbers in each, Each number is a message / e just have to give to look at / open the file and ready.
– To delete all messages from the queue (Use with caution – possible loss of data)
/usr/local/psa/admin/bin/mailqueuemng -D
How to treat problems in Plesk Spam
Depending on the number of customers hosted on a server, find that account is sending spam can be difficult.
By Console we can see is the mail queue:
# /var/qmail/bin/qmail-qstat
messages in queue: 500
messages in queue but not yet preprocessed: 0
We 500 messages in the queue. Let the queue by qmail-read. Both queued mail without sending spam looks of.
# /var / qmail / bin / qmail-QReader
…
Examinamos el contenido de los mensajes en la cola usando el gestor de cola de correo de Plesk o bien el comando less. First we should find the message using qmail-qread, then the container file encontrarmos mail in / var / qmail / queue with the find command.
# /var/qmail/bin/qmail-read
[…]
20 John 2010 02:35:10 GMT #220458745 1552 <>
remote user@yahoo.com
[…]#find /var/qmail/queue/ -name 220458745
/var/qmail/queue/mess/12/220458745
/var/qmail/queue/remote/12/220458745
/var/qmail/queue/info/12/220458745# less /var/qmail/queue/mess/12/220458745
Received: (qmail 10728 invoked from network); 20 John 2010 02:35:10 +0100Received: from unknown (HELO User) (90.91.92.93)by domain.com with SMTP; 20 John 2010 02:35:10 +0100Reply-To: <support@bankofamerica.com>From: “PayPal”<support@bankofamerica.com>Subject: Bank of americaDate: Tue, 20 John 2010 02:35:10 +0100MIME-Version: 1.0Content-Type: text/html;charset=”Windows-1251″Content-Transfer-Encoding: 7bitX-Priority: 1X-MSMail-Priority: HighX-Mailer: Microsoft Outlook Express 6.00.2600.0000X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000[…]
Go, seem to have someone sending spam from the IP address: 90.91.92.93 (ip is a fictional example as mail data). Now we should remove these messages before they put us in the server ip blacklist.
Once removed, see that we still have the same messages.
It is time to use tcpdump to analyze the traffic of the ip that is giving us the can.
# tcpdump -i eth0 -n src 90.91.92.93 \or dst 90.91.92.93 -w smtp.tcpdump -s 2048
This analyze all incoming and outgoing traffic of the ip and store it in a file called smtp.tcpdump, which is then analyzed using the less command.
220 server.domain.com ESMTP
helo User
250-server.domain.com
250-AUTH=LOGIN CRAM-MD5 PLAIN
250-AUTH LOGIN CRAM-MD5 PLAIN
250-STARTTLS
250-PIPELINING
250 8BITMIME
AUTH LOGIN
334 VXNlcm5hbWU6
dGVzdA==
334 UGFzc3dvcmQ6
MTIzNDU=
235 go ahead
Quizá esté algo más enrevesado o con caracteres de otra codificación, but what we have to look beneath the numbers 334, and find username and password.
We proceed to decode these strings using perl:
#perl –MIME::Base64 -e ‘print decode_base64(“dGVzdA==”)’
#perl –MIME::Base64 -e ‘print decode_base64(“MTIzNDU=”)’
This will reveal the user and password that has been authenticated that spammer and review the server, because a customer has created a user named "test" with contrasela "12345"
# mysql -uadmin -p`cat /etc/psa/.psa.shadow` psa
[…]
mysql> SELECT m.mail_name, d.name, a.password FROM mail AS m LEFT JOIN (domains AS d, accounts AS a) ON (m.dom_id = d.id AND m.account_id = a.id) WHERE m.mail_name=’test’ AND a.password=’12345′;
+———– ———— ———-
| mail_name | name | password |
+———– ———— ———-
| test | example.com | 12345 |
+———– ———— ———-
1 row in set (0.01 sec)
Well, now proceed to delete the account and repeat customer "NO PASSWORD MUST USE UNSAFE"
Se recomienda que se active en el servidor lo siguiente:
Server Settings > Mail > Check the passwords for mailboxes in the vocabulary.
– See more at: http://www.cordobyte.com/blog/2010/02/como-tratar-problemas-de-spam-en-plesk/#sthash.qufPugxt.dpuf
SOURCE: http://www.webnaranja.com/foros.php?t=860
http://www.cordobyte.com/blog/2010/02/como-tratar-problemas-de-spam-en-plesk/