Simple: The mail sender is shown
Mail spamming from the same e-mail address
# mailq | grep Jan | grep spamingdomain | head
8AC90122DEB 27228 Tue Jan 16 10:11:20 noreply@spamingdomain.com
86F801223A3 27224 Tue Jan 16 09:51:11 noreply@spamingdomain.com
85D341230B6 27436 Thu Jan 11 09:40:57 noreply@spamingdomain.com
88269122DF5 27234 Tue Jan 16 10:06:22 noreply@spamingdomain.com
89F6E120E8F 27798 Sat Jan 13 09:41:10 noreply@spamingdomain.com
80B81126E86 27274 Tue Jan 16 07:55:49 noreply@spamingdomain.com
8B0BB12206C 27444 Fri Jan 12 10:10:16 noreply@spamingdomain.com
826851231B8 27436 Thu Jan 11 11:26:42 noreply@spamingdomain.com
87545122EE3 27262 Tue Jan 16 10:11:26 noreply@spamingdomain.com
8EB79126F04 27254 Tue Jan 16 09:21:14 noreply@spamingdomain.com
You can go through all the mails in the mail queue:
mailq | grep Jan | grep spamingdomain | head
and delete them:
mailq | grep Jan | grep spamingdomain | awk '{print $1}' | postsuper -d -
or
postqueue -p | tail -n +2 | awk 'BEGIN { RS = "" } / *@spamingdomain\.com/ { print $1 }' | tr -d '*!' | postsuper -d -
Advanced: Someone hacked a mail account and fakes the sender e-mail address
In this case, the content of the mail needs to be checked for the “sasl_username”. For example:
# postcat -q <mailid> |more
*** ENVELOPE RECORDS deferred/6/6690C122D84 ***
message_size: 27228 751 1 0 27211
message_arrival_time: Tue Jan 16 10:06:17 2018
create_time: Tue Jan 16 10:06:17 2018
named_attribute: log_ident=6690C122D84
named_attribute: rewrite_context=local
named_attribute: sasl_method=LOGIN
named_attribute: sasl_username=newsletter@example.com
sender: noreply@spamingdomain.ch
named_attribute: log_client_name=webserver-xyz.com
named_attribute: log_client_address=IPv6:::1
The sasl_username shows the mail account which was used for sending the e-mail.
To delete all mails in the mail queue from a mail account (don’t forget to adapt the month “Jan” and the mail account!):
for mail in $(mailq| grep Jan | awk '{print $1}'); do if [[ -n $(postcat -q $mail | grep "sasl_username=spammer@example.com") ]]; then echo $mail; postsuper -d $mail ; fi ; done
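Before deleting anything, it helps to see which login the queued mail actually came from. The following is an added example, not part of the original notes: it tallies the queue per sasl_username and reads only the envelope records, so the same string inside a mail body is never matched. The helper names (queue_ids, sasl_user, queue_cat, tally_sasl_users) are made up for this example, and it assumes short hexadecimal queue IDs as shown above.

```shell
#!/bin/sh
# Added example: count queued mails per authenticated SASL login.

# Print the queue IDs found in `postqueue -p` / `mailq` output on stdin.
# Assumes short hex queue IDs; the * and ! status markers are stripped.
queue_ids() {
  awk '/^[0-9A-F]+[*!]? / { sub(/[*!]$/, "", $1); print $1 }'
}

# Print the sasl_username found in `postcat -q` output on stdin.
# Reading stops at the message contents, so a body line that merely
# contains "sasl_username=..." cannot influence the result.
sasl_user() {
  awk '/^\*\*\* MESSAGE CONTENTS/ { exit }
       sub(/^named_attribute: sasl_username=/, "") { print; exit }'
}

# Hypothetical wrapper around postcat so it can be swapped out for testing.
queue_cat() { postcat -q "$1"; }

# Read queue IDs on stdin and print "count login", highest count first.
# Mails without a SASL login (local or unauthenticated) are grouped together.
tally_sasl_users() {
  while read -r id; do
    user=$(queue_cat "$id" 2>/dev/null | sasl_user)
    echo "${user:-<no-sasl-login>}"
  done | sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

# Live use on the mail server: sh thisfile.sh --live
if [ "${1:-}" = "--live" ]; then
  postqueue -p | queue_ids | tally_sasl_users
fi
```

The login at the top of the list is the account to check first; its password should be changed before the queue is cleaned, otherwise the queue fills up again.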
Advanced: Delete mails from MAILER-DAEMON which are redirect mails:
for mail in $(mailq|grep MAILER-DAEMON|awk '{print $1}'); do if [[ -n $(postcat -q $mail | grep "blocked by Spamhaus DBL") ]]; then echo $mail; postsuper -d $mail ; fi ; done
for mail in $(mailq|grep MAILER-DAEMON|awk '{print $1}'); do if [[ -n $(postcat -q $mail | grep "spf policy (FAILED)") ]]; then echo $mail; postsuper -d $mail ; fi ; done
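# Template: put the bounce text to match between the quotes (an empty pattern matches every message)
for mail in $(mailq|grep MAILER-DAEMON|awk '{print $1}'); do if [[ -n $(postcat -q $mail | grep "") ]]; then echo $mail; postsuper -d $mail ; fi ; done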
Check phpMail.log
tail -f /var/log/phpmail.log
tail -n 50 /var/log/phpmail.log
To see the whole file
cat /var/log/phpmail.log
Confixx & Plesk
Confixx License renewal
/root/confixx/admin/contrib/auto_reg.pl
Release Confixx changes
/root/confixx/confixx_counterscript.pl
Generate Zone File
# Execute newdomain script
/root/newdomain.sh $domain $server
General Linux commands
Remove filetype recursively
Search for a filetype inside a folder recursively and delete it (e.g. WordPress Theme, Plugin or WP-Content got hacked.)
find . -name "*.xml" -type f -print0 | xargs -0 rm -f
How many mails are in the mail queue
mailq | grep -c "^[A-F0-9]"
Shows how many mails are in the queue.
Unable to use Let’s Encrypt in Plesk
Error: ERR_INCOMPLETE_CHUNKED_ENCODING
service sw-engine restart
service sw-cp-server restart
Apache Configtest – bad user name
apache2: bad user name webXY
/etc/apache2/confixx_vhosts6 # rm webXY.conf
/etc/apache2/confixx_vhosts6 # apache2ctl configtest
Clean Logfiles
rm -f /var/log/*-2013*.gz