Kategorien
Knowledge-Base

Basic Linux commands for web server

Simple: The mail sender is shown
Mail spamming from the same e-mail address

# mailq | grep Jan | grep spamingdomain | head
8AC90122DEB    27228 Tue Jan 16 10:11:20  noreply@spamingdomain.com
86F801223A3    27224 Tue Jan 16 09:51:11  noreply@spamingdomain.com
85D341230B6    27436 Thu Jan 11 09:40:57  noreply@spamingdomain.com
88269122DF5    27234 Tue Jan 16 10:06:22  noreply@spamingdomain.com
89F6E120E8F    27798 Sat Jan 13 09:41:10  noreply@spamingdomain.com
80B81126E86    27274 Tue Jan 16 07:55:49  noreply@spamingdomain.com
8B0BB12206C    27444 Fri Jan 12 10:10:16  noreply@spamingdomain.com
826851231B8    27436 Thu Jan 11 11:26:42  noreply@spamingdomain.com
87545122EE3    27262 Tue Jan 16 10:11:26  noreply@spamingdomain.com
8EB79126F04    27254 Tue Jan 16 09:21:14  noreply@spamingdomain.com

You can go through all the mails in the mail queue:

mailq | grep Jan | grep spamingdomain | head

and delete them:

mailq | grep Jan | grep spamingdomain | awk '{print $1}' | postsuper -d -

or

postqueue -p | tail -n +2 | awk 'BEGIN { RS = "" } / *@spamingdomain\.com/ { print $1 }' | tr -d '*!' | postsuper -d -

Advanced: Someone hacked a mail account and fakes the sender e-mail address
In this case, the content of the mail needs to be checked for the “sasl_username”. For example:

# postcat -q <mailid> |more
*** ENVELOPE RECORDS deferred/6/6690C122D84 ***
message_size:           27228             751               1               0           27211
message_arrival_time: Tue Jan 16 10:06:17 2018
create_time: Tue Jan 16 10:06:17 2018
named_attribute: log_ident=6690C122D84
named_attribute: rewrite_context=local
named_attribute: sasl_method=LOGIN
named_attribute: sasl_username=newsletter@example.com
sender: noreply@spamingdomain.ch
named_attribute: log_client_name=webserver-xyz.com
named_attribute: log_client_address=IPv6:::1

The sasl_username shows the mail account which was used for sending the e-mail.
To delete all mails in the mail queue from a mail account (don’t forget to adapt the month “Jan” and the mail account!):

for mail in $(mailq| grep Jan | awk '{print $1}'); do if [[ -n $(postcat -q $mail | grep "sasl_username=spammer@example.com") ]]; then echo $mail; postsuper -d $mail ; fi ; done

Advanced: Delete mails from MAILER-DAEMON which are redirect mails:

for mail in $(mailq|grep MAILER-DAEMON|awk '{print $1}'); do if [[ -n $(postcat -q $mail | grep "blocked by Spamhaus DBL") ]]; then echo $mail; postsuper -d $mail ; fi ; done
for mail in $(mailq|grep MAILER-DAEMON|awk '{print $1}'); do if [[ -n $(postcat -q $mail | grep "spf policy (FAILED)") ]]; then echo $mail; postsuper -d $mail ; fi ; done
for mail in $(mailq|grep MAILER-DAEMON|awk '{print $1}'); do if [[ -n $(postcat -q $mail | grep "blocked by Spamhaus DBL") ]]; then echo $mail; postsuper -d $mail ; fi ; done
for mail in $(mailq|grep MAILER-DAEMON|awk '{print $1}'); do if [[ -n $(postcat -q $mail | grep "") ]]; then echo $mail; postsuper -d $mail ; fi ; done

Check phpMail.log

tail -f /var/log/phpmail.log
tail -n 50 /var/log/phpmail.log

To see the whole file

cat /var/log/phpmail.log

Confixx & Plesk

Confixx License renewal

/root/confixx/admin/contrib/auto_reg.pl

Release Confixx changes

/root/confixx/confixx_counterscript.pl

Generate Zone File

# Execute newdomain script /root/newdomain.sh $domain $server

General Linux commands

Remove filetype recursively
Search for a filetype inside a folder recursively and delete it (e.g. WordPress Theme, Plugin or WP-Content got hacked.)

find . -name "*.xml" -type f|xargs rm -f

find . -name "*.xml" -type f|xargs rm -f

How many mails are in the mail queue

mailq | grep -c „^[A-F0-9]“

show how many mails are in the q

Unable to use Let’s Encrypt in Plesk

Error: ERR_INCOMPLETE_CHUNKED_ENCODING

service sw-engine restart
service sw-cp-server restart

Apache Configtest – bad user name

apache2: bad user name webXY

/etc/apache2/confixx_vhosts6 # rm webXY.conf
/etc/apache2/confixx_vhosts6 # apache2ctl configtest

Clean Logfiles

rm -f /var/log/*-2013*.gz