• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Question would this qmail anti-spam script work with postfix?

Linulex

Silver Pleskian
This a question for the postfix experts. We still use qmail because we have a very easy script that logs every path a mail is send from. This works wonders to find a hacked/spamming website. Would this work in postfix? If not, would some adjustments help to get it working, or will this never work in postfix?

All that is needed now is to rename /var/qmail/bin/sendmail to /var/qmail/bin/sendmail.real and replace /var/qmail/bin/sendmail with this script

create an amty log with the correct rights, place it in logrotation, etc...

Code:
#!/usr/bin/perl -w

# use strict;
use Env;
my $date = `date`;
chomp $date;
open (INFO, ">>/var/log/formmail") || die "Failed to open file ::$!";
my $uid = $>;
my @info = getpwuid($uid);
print INFO "$date - $PWD - @info\n";
my $mailprog = '/var/qmail/bin/sendmail.real';
foreach (@ARGV) {
$arg="$arg" . " $_";
}
open (MAIL,"|$mailprog $arg") || die "cannot open $mailprog: $!\n";
while (<STDIN> ) {
print MAIL;
}
close (INFO);
close (MAIL);


Copyright: some poster on this forum between 2001 and 2005 (can't remember, but i have it from the plesk forum).

regards
Jan
 
Hi Linulex,

Plesk provides two articles, which help to identify spam on your server. The suggestions will log as well the directory of the used script(s), which sent mail over sendmail. Maybe these articles are as well usefull for you?!? :


 
Hi UFHH01

https://kb.plesk.com/1711 is for qmail, the script we use is way better then this method. The script permanently logs every mail sent via the server. Even root that sends a cron mail. If it passes trough /var/qmail/bin/sendmail, it will be logged.
It can be installed on the server at setup and be there forever. When spam is send, all you have to do is open the log.

Would it be possible to create sendmail.postfix-wrapper at server setup and leave it there forever? Creating it after a spammer has been active (and probably already has stopped) isn't very pro-active (God i hate that word). As explained there, its only useful if the spammer is busy at that very moment.

The log is also needed for legal reasons. Customers pay for 24/7 hosting, not 23 hours a day hosting, if you take away things they payed for (by disabling it till they fix/update), you need some proof that they did something they where not supposed to do.

Regards
Jan
 
Would it be possible to create sendmail.postfix-wrapper at server setup and leave it there forever? Creating it after a spammer has been active (and probably already has stopped) isn't very pro-active (God i hate that word). As explained there, its only useful if the spammer is busy at that very moment.
Sure, but I would first recommend to change the log - destination from "/var/tmp/mail.send" to "/var/log/mail.send" and I would add an additional logrotate configuration for it at "/etc/logrotate.d".

Afterwards, rename your wrapper to for example "before-sendmail-postfix-wrapper" and pls. revert your changes that you made, according to the suggestions from the Plesk KB - article, to get back to your standard configuration.

To continue, you are able to use an additional unique mail-handler, which might be called BEFORE sendmail. @VNick provided some official additional informations for Plesk Onyx mail - handler queues:
Here's some info on the mail handler queues in Plesk. Note that the information below is actual for Plesk Onyx, although it is also mostly applicable to previous Plesk versions (with some small differences).

The following queues are available:
  1. before-data (0) — handlers are called before DATA in SMTP session is available (obviously, this triggers only within SMTP session);
    1. on QMail invoked from qmail-queue (no real difference from before-queue except these handlers are executed before before-queue ones);
    2. on Postfix invoked from Plesk milter (which is registered in Postfix as smtpd_milters, service name is pc-remote);
  2. before-queue (1) — handlers are called after DATA is available and before mail gets into mail queue (also SMTP session only);
    1. on QMail invoked from qmail-queue;
    2. on Postfix invoked from the Plesk milter;
  3. before-remote (3) — handlers are called before mail leaves this server (though they may be called in other cases as well), triggered for mail sent both via SMTP and sendmail;
    1. on QMail invoked from qmail-remote;
    2. on Postfix this is effectively equivalent to placing a handler both into before-queue and before-sendmail (except these handlers will be executed after handlers in both of these queues);
  4. before-sendmail (4) — handlers are called before mail is actually passed to sendmail (triggers only for mail sent via the sendmail utility);
    1. regardless of MTA handlers are invoked from Plesk sendmail wrapper which is actually called when the sendmail utility is used;
  5. before-local (2) — handlers are called before mail is delivered locally;
    1. on QMail invoked from qmail-local;
    2. on Postfix invoked from virtual_transport (called plesk_virtual, which calls postfix-local Plesk utility).
I think this should be enough to understand the behavior you're getting. Basically in your case, before-remote is called when mail gets into queue, before-local is called before mail is delivered.
In addition, you have the official Plesk extensions - documentation :


Now that you are informed about the mail - handler - queues, you would continue with

Registering Mail Handlers ( official Plesk Onyx ( 17.0 ) online documentation - Developing Extensions for Plesk )

... and use the example - options:

--priority=30
--name=YOUR_UNIQUE_NAME_FOR_THE_BEFORE_SENDMAIL_HANDLER
--queue=before-sendmail
--type=global
--executable=/usr/sbin/before-sendmail-postfix-wrapper
--context=none
--enabled


... I think, that should be sufficient and a working suggestion... if it doesn't work, pls. wait for an answer from @VNick or any other Plesk-Team-Member. :D
 
@Linulex, yes your script would work with Postfix as well. However I strongly advise against applying it as is since it's easy to affect security and behavior on package updates.

A much better option would be to implement a custom mail handler as suggested by @UFHH01.

Please also check out Outgoing Mail Control feature of Plesk. It can help you set up limits on outgoing mail and even prohibit using sendmail for given system users with just a couple of clicks. See documentation here: https://docs.plesk.com/en-US/12.5/administrator-guide/mail/protection-from-outbound-spam.71349/
 
@VNick

yes your script would work with Postfix as well

Thank you. Thats what i needed to know. Are there any known bugs, or points to watch out for, when switching a life server from qmail to postfix?

I start a testserver then. Switching MTA is not a small undertaking and must be planned very good. One of the reasons we still use qmail is this script, the other is the ability to recieve email with short login. A lot of our customers still use that, so we must tackle that first. We have a custom setup atm, recieve = short or full allowed, send via 587 is only full allowed. We must mail everyone then that recieve will also change to only full allowed.

I know and have looked into the Outgoing Mail Control feature but this is not for us, we have a lot of clients that use mailinglists. We have our own monitors that check the size of a mailqueue every 5 minutes and alerts us when it goes over a set point. Plus the scripts only goal in life is to pinpoint a hacked website. The Outgoing Mail Control feature doesn't do that.

I am not to worried about updates. The worst that can happen is that sendmail gets updated/overwritten and then everyting is back to standard.

@UFHH01

Thanx for the info i will look into this. Maybe even an idea for an extension. Maybe even an extension by Plesk as it would help security a lot. nudge nudge wink wink.

regards
Jan
 
Last edited:
Before switching, it is recommended to wait until all queued mail is delivered and stop the SMTP service to stop receiving emails. Other than that the process should be smooth.

Please also note that by replacing sendmail (depending on the exact way you do it) you may inadvertently break some mail functionality in Plesk, such as parts of Outgoing Mail Control and recipient mail quota checks before delivery.
 
Good point to stop smtp, ill keep that in mind.

I don't replace sendmail, only rename it and place the script in its place with the same user and rights.
After the script is done with it, the mails is handed over to the renamed sendmail executable. So nothing is changed in the way mail is handled, only an extra step inserted to log the path.

regards
Jan
 
Back
Top