Linuxcat.org

Full Version: Plesk qmail cleanup
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
To look at the dodgy queue and find some suspects:
/var/qmail/bin/qmail-qread |less

Then in another window:
cd /var/qmail/queue
find –name <message number from qread>


If qmhandle is not installed:
wget http://jaist.dl.sourceforge.net/sourcefo...3.2.tar.gz
tar -xzvf qmhandle-1.3.2.tar.gz




on plesk servers to stop qmail fully:
/etc/init.d/qmail stop
/usr/local/psa/admin/bin/mailmng -o


**** MAKE SURE WATCHDOG DISABLED IN PLESK GUI “MODULES” LINK ****



Then clean up queue using qmhandle, usually I use:
./qmHandle –H’dodgydomainfromaddressorsimilar’
Then
.qmHandle –H’failure’
To remove failure notices from the spamming as well

/var/qmail/bin/qmailqread |less
For looking at the queue to see if any more obvious crap addresses.



Once finished cleanup:
to start:
/usr/local/psa/admin/bin/mailmng -p
/etc/init.d/qmail start






Then if looking for the incoming vector so you don’t need to keep cleaning over and over again:
cat /usr/local/psa/var/log/maillog |grep “smtp_auth”
or
cat /usr/local/psa/var/log/maillog |grep “spammer’s IP”

should help you find some results of which account(s) are being used.
Reference URL's