Spamming Plesk

From Psygen Wiki
Jump to navigation Jump to search

Plesk is spamming!!

What to do: 1. Panic.

Postfix is really grumpy about working with you to figure out what it's doing.


E-mails in queue:

function _line { echo "=======Emails in $DIR Queue======="; };cd /var/spool/postfix;ls -l|egrep -o "deferred|hold|active|corrupt|defer|maildrop"|while read DIR; do _line; ls -lA $DIR|wc -l; echo; done;cd - 1>/dev/null;


Size of the queue:
postqueue -p | grep -c '^[0-9A-Z]'


Print the messages in the queue with the UID:
postqueue -p


Print the email message in the terminal:
postcat -q $UID


Check for originating scripts

In the php mail log:
grep eval /var/log/php_maillog| grep -Po "(?<=\[).*?(?=\()"|sort -b|uniq -c |sort -rnk1

No php maillog (Booo!) We can still check the mail headers... but this is very SLOW:
for i in $(postqueue -p | grep '^[0-9A-Z]'| awk '{print $1}'); do postcat -q $i | grep 'X-PHP-Originating-Script'; done | cut -d':' -f1- | sort -b|uniq -c|sort -rnk1


This finds the script from the above... I think...
find $PATH -type f -exec grep -Ea -o Script\:\ digit:+\:alnum:+\.php {} \;|sort|uniq -c|sort -rnk1

Retrieved from "https://wiki.psygen.org/index.php?title=Spamming_Plesk&oldid=13000"