Gen 4 VPS & Dedicated Servers Help

Find SPAM senders using Postfix with SSH

Postfix is the message transfer agent (MTA) installed with our Plesk Linux servers to relay email. It's difficult to fully analyze Postfix's logs to determine if SPAM is coming from a malicious script or an email user. The steps below will help you determine if an email account/mailbox user is the source of SPAM.

  1. Enable administrator access on your Gen 3 or Gen 4 server if you haven't already done so.
  2. Connect to my server with SSH (Secure Shell).
  3. Switch to the root user.
  4. Run this command to see which email accounts have been accessed the most to send mail. If you don't find an email account with excessive use, it's likely a script is responsible.

    [root@server ~]# zgrep -h 'sasl_method' /var/log/maillog* | cut -d' ' -f9 | cut -d= -f2 | sort | uniq -c | sort -nr
    
      10457 info@coolexample.com
         22 jane@coolexample.com
         14 richard@coolexample.com
         10 PLAIN,
          3 spot@coolexample.com
    

Related steps

More info

  • Our server experts can perform these steps for a fee. For more information about our Expert Services, please visit our Expert Service menu.