Monthly Archives: August 2013

How to find which domain is spamming via a PHP script?


1) Create a /var/qmail/bin/sendmail-wrapper script with the following content:

#!/bin/sh
(echo "X-Additional-Header: $PWD"; cat) | tee -a /var/tmp/mail.send | /var/qmail/bin/sendmail-qmail "$@"

Note: the script must be exactly two lines, with ‘#!/bin/sh’ as the first.

2) Create the log file /var/tmp/mail.send and grant it “a+rw” rights; make the wrapper executable; rename the old sendmail; and link sendmail to the new wrapper:

~# touch /var/tmp/mail.send
~# chmod a+rw /var/tmp/mail.send
~# chmod a+x /var/qmail/bin/sendmail-wrapper
~# mv /var/qmail/bin/sendmail /var/qmail/bin/sendmail-qmail
~# ln -s /var/qmail/bin/sendmail-wrapper /var/qmail/bin/sendmail

3) Wait for an hour, then restore the original sendmail:

~# rm -f /var/qmail/bin/sendmail
~# mv /var/qmail/bin/sendmail-qmail /var/qmail/bin/sendmail

Examine the /var/tmp/mail.send file. It should contain lines starting with “X-Additional-Header:” that point to the domain folders holding the scripts which sent the mail. Note that the log also contains the full text of every message sent while the wrapper was active, and that it is world-readable.
You can list all the folders from which PHP scripts sent mail with the following command:

~# grep X-Additional /var/tmp/mail.send | grep `cat /etc/psa/psa.conf | grep HTTPD_VHOSTS_D | sed -e 's/HTTPD_VHOSTS_D//' `
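
The grep above prints one line per message; to rank domains by how many messages each one sent, the same log can be summarised per domain folder. The script below is an added example, not part of the original post; the function names, the constructed sample log and the /var/www/vhosts root (standing in for the HTTPD_VHOSTS_D value) are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): per-domain summary of the wrapper log.
# summarise_senders LOG VHOSTS_ROOT   (LOG = wrapper log, VHOSTS_ROOT = HTTPD_VHOSTS_D value)
# Prints "COUNT DOMAIN DIR..." lines, busiest sender first.
summarise_senders() {
    awk -v root="${2%/}/" '
        BEGIN { tag = "X-Additional-Header: " }
        index($0, tag) == 1 {                    # header line added by the wrapper
            dir = substr($0, length(tag) + 1)
            if (index(dir, root) != 1) { other++; next }   # not under the vhosts tree
            split(substr(dir, length(root) + 1), part, "/")
            dom = part[1]                        # first path component = domain folder
            count[dom]++
            if (!seen[dom SUBSEP dir]++) dirs[dom] = dirs[dom] " " dir
        }
        END {
            for (d in count) printf "%d %s%s\n", count[d], d, dirs[d]
            if (other) printf "%d (outside-vhosts-root)\n", other
        }
    ' "$1" | sort -rn
}

# Constructed sample log: five mails from two domains plus one sent from /tmp.
write_sample_log() {
    cat > "$1" <<'EOF'
X-Additional-Header: /var/www/vhosts/example.com/httpdocs/forum
To: a@example.org

constructed body text, ignored by the summary
X-Additional-Header: /var/www/vhosts/example.com/httpdocs/forum
To: b@example.org
X-Additional-Header: /var/www/vhosts/example.com/httpdocs/uploads
To: c@example.org
X-Additional-Header: /var/www/vhosts/shop.example.net/httpdocs
To: d@example.org
X-Additional-Header: /var/www/vhosts/shop.example.net/httpdocs
To: e@example.org
X-Additional-Header: /tmp
To: f@example.org
EOF
}

# Demo run on the constructed log; on a real server pass /var/tmp/mail.send instead.
log=$(mktemp); write_sample_log "$log"
summarise_senders "$log" /var/www/vhosts
rm -f "$log"
```

A line in a message body that happens to start with the same header text is counted as well, so treat the totals as a guide to which folders to inspect first.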


How to fix corrupted mail in the queue in qmail or qmailtoaster

Step 1. Download qfixq.


Step 2. Change the file permission.

chmod 700 qfixq

Step 3. Stop qmail service.

/etc/init.d/qmail stop

Step 4. Run the script.

After running it the first time to see what it’s going to do, you should run it a second time, in “live mode”. This will do the same checks, but it will actually correct the errors it finds.

./qfixq live

If you know that there’s nothing in the queue you want to save, and you would rather just empty the queue, you can use this command instead. This changes the logic to bypass a lot of the checking: it simply marks every message it finds for deletion, and then deletes them.

./qfixq live empty

After running it once in “live mode”, you should run it again (not in live mode) and make sure it doesn’t find anything new. If it does, it means that some process on the system is still interacting with the queue, and if that process is “qmail-send” then running the script may have actually done more damage than good. This is why it’s so important to make sure that anything relating to qmail is totally shut down before running the script.