{"id":6067,"date":"2016-07-27T08:34:04","date_gmt":"2016-07-27T00:34:04","guid":{"rendered":"http:\/\/rmohan.com\/?p=6067"},"modified":"2016-07-27T08:36:34","modified_gmt":"2016-07-27T00:36:34","slug":"qmhandle-2","status":"publish","type":"post","link":"https:\/\/mohan.sg\/?p=6067","title":{"rendered":"qmHandle"},"content":{"rendered":"

#compter les mails dans la liste d’attente
\n\/var\/qmail\/bin\/qmail-qstat<\/p>\n

#qmHandle lister les mails (l : liste, c : couleur)
\nqmHandle -l -c <\/p>\n

#stop qmail
\n\/etc\/init.d\/qmail stop<\/p>\n

#pour lister
\nqmail-remove -p @domainesuspect.com<\/p>\n

#pour lister et remove (l’ordre des param\u00e8tres compte)
\nqmail-remove -r -p @domainesuspect.com <\/p>\n

#start qmail
\n\/etc\/init.d\/qmail stop<\/p>\n

#forcer traitement de file d’attente
\nqmHandle -a #ne fontionne pas des masses
\n\/usr\/local\/psa\/admin\/bin\/mailqueuemng -a<\/p>\n

#modifier SMTPROUTES http:\/\/kb.parallels.com\/fr\/115531
\n\/etc\/init.d\/qmail stop
\nvi \/var\/qmail\/control\/smtproutes<\/p>\n

#saisir
\nmondomaine.fr:smtp.different.fr
\n#enregistrer avec :wq<\/p>\n

\/etc\/init.d\/qmail start
\n\/etc\/init.d\/xineted restart<\/p>\n

#Qmail spam prevention:<\/p>\n

Start Qmail<\/p>\n

\/etc\/init.d\/qmail start
\n \/etc\/init.d\/xinetd start<\/p>\n

Stop Qmail<\/p>\n

\/etc\/init.d\/qmail stop
\n \/etc\/init.d\/xinetd stop<\/p>\n

The server is overloaded with SPAM. There are many messages in queue. Mail is delivered slowly.
\nftp:\/\/download1.swsoft.com\/Plesk\/Plesk9.2\/Doc\/en-US\/plesk-9.0-unix-advanced-administration-guide\/index.htm?fileName=61674.htm<\/p>\n

Many email messages are sent from PHP scripts on the server. How can I find what domains these scripts are running on?<\/p>\n

[http:\/\/kb.swsoft.com\/article_22_1711_en.html](http:\/\/kb.swsoft.com\/article_22_1711_en.html)<\/p>\n

Qmail var log location<\/p>\n

\/usr\/local\/psa\/var\/log\/maillog<\/p>\n

View the log in realtime<\/p>\n

tail -f \/usr\/local\/psa\/var\/log\/maillog<\/p>\n

Check qmail que size<\/p>\n

\/var\/qmail\/bin\/qmail-qstat<\/p>\n

###qmHandle<\/p>\n

Install qmhandle<\/p>\n

wget http:\/\/jaist.dl.sourceforge.net\/sourceforge\/qmhandle\/qmhandle-1.3.2.tar.gz
\n tar xvzf qmhandle-1.3.2.tar.gz
\n chmod 777 qmhandle-1.3.2\/qmHandle<\/p>\n

Edit the file, uncomment the following lines, and comment out the default version<\/p>\n

#my ($stopqmail) = ‘\/etc\/init.d\/qmail stop’;
\n #my ($startqmail) = ‘\/etc\/init.d\/qmail start’;<\/p>\n

the move it to “`\/usr\/local\/sbin\/“`<\/p>\n

mv qmhandle-1.3.2\/qmHandle \/usr\/local\/sbin\/qmHandle<\/p>\n

Show current queue stats:<\/p>\n

qmHandle -s<\/p>\n

List messages in the mail queue:<\/p>\n

qmHandle -l<\/p>\n

Get extended info about the Queue.<\/p>\n

\/usr\/local\/sbin\/qmHandle -l -c<\/p>\n

List messages in the mail queue while counting how many have the same subject:<\/p>\n

qmHandle -l|grep Subject|sort| uniq -c|sort -n<\/p>\n

List SMTP authorized senders from mail log and count how many emails they’ve sent:<\/p>\n

cat \/usr\/local\/psa\/var\/log\/maillog |grep -I smtp_auth | grep -I ‘SMTP user’ | awk ‘{print $8}’ | sort |uniq -c |sort -n<\/p>\n

List IP Addresses that have failed SMTP authentication and count them<\/p>\n

cat \/usr\/local\/psa\/var\/log\/maillog | grep -I smtp_auth | grep -I FAILED | awk ‘{print $13}’ | sort | uniq -c | sort -n<\/p>\n

Read a message in the queue:<\/p>\n

qmHandle -m123456789<\/p>\n

Delete a message based on subject:<\/p>\n

qmHandle -S’failure notice’
\n qmHandle -S’Order Tracking’
\n qmHandle -S’Tracking Service’
\n qmHandle -S’Shipping Detail’
\n qmHandle -S’Order Detail’
\n qmHandle -S’Shipping Info’
\n qmHandle -S’Shipping Information’
\n qmHandle -S’Order Shipped’
\n qmHandle -S’Order Information’
\n qmHandle -S’Shipping Service’
\n qmHandle -S’Tracking Detail’
\n qmHandle -S’Tracking Info’
\n qmHandle -S’Tracking Information’<\/p>\n

Queue up several subjects for deletion<\/p>\n

qmHandle -S’failure notice’ ; qmHandle -S’Order Tracking’ ; qmHandle -S’Tracking Service’<\/p>\n

Delete specific spam emails<\/p>\n

qmHandle -H’smilesbymartin.com’
\n qmHandle -H’federalwaydentist.net’
\n qmHandle -H’bbjp.net’
\n qmHandle -H’periozone.com’<\/p>\n

To delete the entire Queue (pretty slow if it’s huge)<\/p>\n

qmHandle -D<\/p>\n

To delete the entire Queue as files then start qmail back up (probably faster)<\/p>\n

service qmail stop && find \/var\/qmail\/queue\/{mess,intd,local,remote,todo,info}\/ -type f -exec rm {} \\; && service qmail start<\/p>\n

For looking at the queue to see if any more obvious crap addresses.<\/p>\n

\/var\/qmail\/bin\/qmail-qread | less<\/p>\n

###Find incoming vector<\/p>\n

should help you find some results of which account(s) are being used.
\n“`cat \/usr\/local\/psa\/var\/log\/maillog | grep “smtp_auth”“`
\n“`cat \/usr\/local\/psa\/var\/log\/maillog | grep “spammer\u2019s IP”“`
\n“`cat \/usr\/local\/psa\/var\/log\/maillog | grep “202.64.64.68”“`<\/p>\n

### completely rebuild all mail boxes on server (use with caution, and be patient)<\/p>\n

[Plesk article for command](http:\/\/kb.parallels.com\/en\/944)<\/p>\n

\/usr\/local\/psa\/admin\/sbin\/mchk –without-spam<\/p>\n

### See actively running scripts<\/p>\n

lsof +r 1 -p `ps axww | grep httpd | grep -v grep | awk ‘ { if(!str) { str=$1 } else { str=str”,”$1}}END{print str}’` | grep vhosts | grep php<\/p>\n

### Turn off email for a domain in Plesk<\/p>\n

\/usr\/local\/psa\/bin\/mail –off roadsidemultimedia.com<\/p>\n

### Block an IP Address<\/p>\n

sudo iptables -I INPUT -s 88.2.145.216 -j DROP<\/p>\n","protected":false},"excerpt":{"rendered":"

#compter les mails dans la liste d’attente \/var\/qmail\/bin\/qmail-qstat<\/p>\n

#qmHandle lister les mails (l : liste, c : couleur) qmHandle -l -c <\/p>\n

#stop qmail \/etc\/init.d\/qmail stop<\/p>\n

#pour lister qmail-remove -p @domainesuspect.com<\/p>\n

#pour lister et remove (l’ordre des param\u00e8tres compte) qmail-remove -r -p @domainesuspect.com <\/p>\n

#start qmail \/etc\/init.d\/qmail stop<\/p>\n

#forcer traitement de file d’attente qmHandle -a […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[32],"tags":[],"_links":{"self":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/6067"}],"collection":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=6067"}],"version-history":[{"count":2,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/6067\/revisions"}],"predecessor-version":[{"id":6073,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/6067\/revisions\/6073"}],"wp:attachment":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=6067"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=6067"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=6067"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}