qmHandle

#count the mails in the queue
/var/qmail/bin/qmail-qstat

#qmHandle: list the mails (l: list, c: color)
qmHandle -l -c

#stop qmail
/etc/init.d/qmail stop

#to list
qmail-remove -p @domainesuspect.com

#to list and remove (the order of the parameters matters)
qmail-remove -r -p @domainesuspect.com

#start qmail
/etc/init.d/qmail start

#force processing of the queue
qmHandle -a #doesn't work all that well
/usr/local/psa/admin/bin/mailqueuemng -a

#edit SMTPROUTES http://kb.parallels.com/fr/115531
/etc/init.d/qmail stop
vi /var/qmail/control/smtproutes

#enter
mondomaine.fr:smtp.different.fr
#save with :wq

/etc/init.d/qmail start
/etc/init.d/xinetd restart

#Qmail spam prevention:

Start Qmail

/etc/init.d/qmail start
/etc/init.d/xinetd start

Stop Qmail

/etc/init.d/qmail stop
/etc/init.d/xinetd stop

The server is overloaded with SPAM. There are many messages in queue. Mail is delivered slowly.
ftp://download1.swsoft.com/Plesk/Plesk9.2/Doc/en-US/plesk-9.0-unix-advanced-administration-guide/index.htm?fileName=61674.htm

Many email messages are sent from PHP scripts on the server. How can I find what domains these scripts are running on?

[http://kb.swsoft.com/article_22_1711_en.html](http://kb.swsoft.com/article_22_1711_en.html)

Qmail var log location

/usr/local/psa/var/log/maillog

View the log in realtime

tail -f /usr/local/psa/var/log/maillog

Check qmail queue size

/var/qmail/bin/qmail-qstat

### qmHandle

Install qmhandle

wget http://jaist.dl.sourceforge.net/sourceforge/qmhandle/qmhandle-1.3.2.tar.gz
tar xvzf qmhandle-1.3.2.tar.gz
chmod 755 qmhandle-1.3.2/qmHandle

Edit the file, uncomment the following lines, and comment out the default version

#my ($stopqmail) = '/etc/init.d/qmail stop';
#my ($startqmail) = '/etc/init.d/qmail start';

Then move it to `/usr/local/sbin/`

mv qmhandle-1.3.2/qmHandle /usr/local/sbin/qmHandle

Show current queue stats:

qmHandle -s

List messages in the mail queue:

qmHandle -l

Get extended info about the Queue.

/usr/local/sbin/qmHandle -l -c

List messages in the mail queue while counting how many have the same subject:

qmHandle -l|grep Subject|sort| uniq -c|sort -n

List SMTP authorized senders from mail log and count how many emails they’ve sent:

cat /usr/local/psa/var/log/maillog | grep -I smtp_auth | grep -I 'SMTP user' | awk '{print $8}' | sort | uniq -c | sort -n

List IP Addresses that have failed SMTP authentication and count them

cat /usr/local/psa/var/log/maillog | grep -I smtp_auth | grep -I FAILED | awk '{print $13}' | sort | uniq -c | sort -n
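
The two maillog pipelines above folded into a single awk pass with a minimum-count threshold, as an added example that is not part of the original post. The sample lines are constructed, and their layout is an assumption inferred from the field positions the commands above use ($8 for the user, $13 for the bracketed IP); `smtp_auth_report` and `sample_log` are names made up for this example.

```shell
#!/bin/sh
# Added example, not from the original post.

# Constructed sample lines (not real log data). The layout is assumed so that
# $8 is the authenticated user and $13 is the [IP] on FAILED lines.
sample_log() {
cat <<'EOF'
Apr  1 10:00:01 host1 smtp_auth: SMTP user info@example.test : /var/qmail/mailnames/example.test/info logged in from unknown@host [192.0.2.10]
Apr  1 10:00:05 host1 smtp_auth: SMTP user info@example.test : /var/qmail/mailnames/example.test/info logged in from unknown@host [192.0.2.10]
Apr  1 10:00:09 host1 smtp_auth: SMTP user info@example.test : /var/qmail/mailnames/example.test/info logged in from unknown@host [192.0.2.10]
Apr  1 10:00:20 host1 smtp_auth: SMTP user bob@example.test : /var/qmail/mailnames/example.test/bob logged in from unknown@host [192.0.2.44]
Apr  1 10:01:00 host1 smtp_auth: FAILED: info - password incorrect from unknown@host [203.0.113.7]
Apr  1 10:01:02 host1 smtp_auth: FAILED: admin - password incorrect from unknown@host [203.0.113.7]
Apr  1 10:01:30 host1 smtp_auth: FAILED: bob - password incorrect from unknown@host [198.51.100.4]
Apr  1 10:02:00 host1 qmail: 1711965720.000000 status: local 0/10 remote 0/20
EOF
}

# smtp_auth_report MIN [FILE...]
# Reads maillog lines from FILE(s) or stdin and prints, for counts >= MIN:
#   user <count> <account>   authenticated SMTP logins per account
#   fail <count> <ip>        failed SMTP logins per source address
smtp_auth_report() {
    min=$1
    shift
    awk -v min="$min" '
        /smtp_auth/ && /SMTP user/ { users[$8]++ }
        /smtp_auth/ && /FAILED/ {
            ip = $13
            gsub(/\[|\]/, "", ip)      # strip the surrounding brackets
            fails[ip]++
        }
        END {
            for (u in users) if (users[u] >= min) print "user", users[u], u
            for (i in fails) if (fails[i] >= min) print "fail", fails[i], i
        }' "$@" | LC_ALL=C sort -k1,1 -k2,2nr
}

# Stand-alone run on the constructed sample: accounts and sources seen twice or more.
sample_log | smtp_auth_report 2
```

On a live server the call would be `smtp_auth_report 50 /usr/local/psa/var/log/maillog`, with the threshold chosen to sit above normal per-account volume.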

Read a message in the queue:

qmHandle -m123456789

Delete a message based on subject:

qmHandle -S'failure notice'
qmHandle -S'Order Tracking'
qmHandle -S'Tracking Service'
qmHandle -S'Shipping Detail'
qmHandle -S'Order Detail'
qmHandle -S'Shipping Info'
qmHandle -S'Shipping Information'
qmHandle -S'Order Shipped'
qmHandle -S'Order Information'
qmHandle -S'Shipping Service'
qmHandle -S'Tracking Detail'
qmHandle -S'Tracking Info'
qmHandle -S'Tracking Information'

Queue up several subjects for deletion

qmHandle -S'failure notice' ; qmHandle -S'Order Tracking' ; qmHandle -S'Tracking Service'

Delete specific spam emails

qmHandle -H'smilesbymartin.com'
qmHandle -H'federalwaydentist.net'
qmHandle -H'bbjp.net'
qmHandle -H'periozone.com'

To delete the entire Queue (pretty slow if it’s huge)

qmHandle -D

To delete the entire Queue as files then start qmail back up (probably faster)

service qmail stop && find /var/qmail/queue/{mess,intd,local,remote,todo,info}/ -type f -exec rm {} \; && service qmail start

Look through the queue to see if there are any more obvious crap addresses:

/var/qmail/bin/qmail-qread | less

### Find incoming vector

These should help you find which account(s) are being used:

cat /usr/local/psa/var/log/maillog | grep "smtp_auth"
cat /usr/local/psa/var/log/maillog | grep "spammer's IP"
cat /usr/local/psa/var/log/maillog | grep "202.64.64.68"

### completely rebuild all mail boxes on server (use with caution, and be patient)

[Plesk article for command](http://kb.parallels.com/en/944)

/usr/local/psa/admin/sbin/mchk --without-spam

### See actively running scripts

lsof +r 1 -p `ps axww | grep httpd | grep -v grep | awk '{ if(!str) { str=$1 } else { str=str","$1 } } END { print str }'` | grep vhosts | grep php

### Turn off email for a domain in Plesk

/usr/local/psa/bin/mail --off roadsidemultimedia.com

### Block an IP Address

sudo iptables -I INPUT -s 88.2.145.216 -j DROP
