• The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.

Resolved Find script who send spam emails

Milos Popovic

Milos Popovic

New Pleskian
Hi to all, I have a problem with spam emails send from one client.

I try to edit password of this client and this not resolve problem. I set limit 0 for outgoing mails for this domain. And I get about 25-40 rejected mails by hour.

In mail log I have info like this:
Apr 12 01:14:13 t132 postfix/smtp[27474]: 94A961F41DA9: to=<[email protected]>, relay=mx1.netsolmail.net[209.17.115.10]:25, delay=38, delays=3.6/32/1.9/0.89, dsn=5.7.1, status=bounced (host mx1.netsolmail.net[209.17.115.10] said: 554 5.7.1 The message from (<[email protected]>) with the subject of (Good Day) matches a profile the Internet community may consider spam. Please revise your message before resending. (in reply to end of DATA command))

Is it possible to find out which script sends these spam e-mails?

Thank you
 
You can also configure/set the "mail.log" parameter in your php.ini file, as this will log the exact scriptname (incl. full path), sender and recipient address for every mail sent.
 
If you're using one of the PHP versions distributed by Plesk itself, then the php.ini can be found under /opt/plesk/php/x.x/etc/php.ini
If you're using a PHP version provided by your OS, then it depends on you OS and handler type (fpm, fastcgi, module)
For example, on Debian/Ubuntu the php.ini can be found under /etc/php5/xxx/php.ini

Then you open this file with your prefered editor and search for "mail.log"
Uncomment the existing value or create a new one and set it to either
  • mail.log = syslog (or)
  • mail.log = /var/log/phpmails.log (you can choose any path/file you'd like)
If you're using a file, make sure that the PHP process the site is running with, has write permissions to.
As (except if you're using PHP as apache2 module) every sites PHP process runs with its own user, you have to configure this logfile with write permissions for anyone - i.e:
# touch /var/log/phpmails.log && chmod 666 /var/log/phpmails.log
 
Thank you, I find and delete this script.
Does anyone have any experience with Kaspersky AV for plesk? Does he check only incoming mail or check incoming and outgoing messages?

Thank you
 
You must log in or register to reply here.

Similar threads

I
Question mails that get lost
Replies
7
Views
4K
Inma
I
Bitpalast
Forwarded to devs Spamassassin ignores mails to mailboxes that contain an ampersand, e.g. d&[email protected]
Replies
2
Views
180
Sebahat.hadzhi
Sebahat.hadzhi
C
Question Analysing Sender IP in Mail Headers
Replies
0
Views
1K
Change Maker
C
S
Issue Outgoing emails get rejected - User not allowed to send Emails
Replies
6
Views
1K
Stephan.FediCom
S
A
Resolved Unwanted redirects to gmail, when receiving emails
Replies
5
Views
2K
arunda2
A
Back
Top