- Plesk 7.5.x Reloaded
- Plesk 9.x for Linux/Unix
- Plesk 8.x for Linux/Unix
Resolution
First check that all domains have the option ‘Mail to non-existing user’ set to ‘reject’ but not to ‘forward’. You can change this setting to all domains using “Group Operations” in the “Domains” tab in Parallels Plesk Control Panel. The option “Reject mail to nonexistent user” is available since Parallels Plesk Panel 7.5.3.
Also, please, check that all the IPs and networks in the white lists are reliable and familiar to you.
Check how many messages are in the queue with Qmail:
# /var/qmail/bin/qmail-qstat
messages in queue: 27645
messages in queue but not yet preprocessed: 82
If mail is being sent by an authorized user but not from the PHP script, you can run the command below to find the user that has sent the most messages (available since Plesk 8.x). Note that you must have the ‘SMTP authorization’ activated on the server to see these records:
# cat /usr/local/psa/var/log/maillog |grep -I smtp_auth |grep -I user |awk '{print $11}' |sort |uniq -c |sort -n
The next step is to use is “qmail-qread”, which can be used to read the message headers:
# /var/qmail/bin/qmail-qread
18 Jul 2005 15:03:07 GMT #2996948 9073 <[email protected]> bouncing
done remote [email protected]
done remote [email protected]
done remote [email protected]
....
# find /var/qmail/queue/mess/ -name 2996948
Received: (qmail 19514 invoked by uid 10003); 13 Sep 2005 17:48:22 +0700
it means that this message was sent via a CGI by user with UID 10003. Using this UID it is possible to find the domain:
# grep 10003 /etc/passwd
# lsof +r 1 -p `ps axww | grep httpd | grep -v grep | awk ' { if(!str) { str=$1 } else { str=str","$1}}END{print str}'` | grep vhosts | grep php
Lines in Received section like
Received: (qmail 19622 invoked from network); 13 Sep 2005 17:52:36 +0700
Received: from external_domain.com (192.168.0.1)
mean that the message has been accepted and delivered via SMTP, and that the sender is an authorized mail user. Many email messages are sent from PHP scripts on the server. How can I find what domains these scripts are running on?
APPLIES TO:
- Plesk 9.x for Linux/Unix
- Plesk 8.x for Linux/Unix
Resolution
There is a way to find what the folder the PHP script that sends mail was run from. Note, the paths can be slightly differ from the listed below depending on your OS and Plesk version:
1) create /var/qmail/bin/sendmail-wrapper script with the content:
#!/bin/sh
(echo X-Additional-Header: $PWD ;cat) | tee -a /var/tmp/mail.send|/var/qmail/bin/sendmail-qmail “$@”
Note, it should be the two lines including ‘#!/bin/sh’.
2) then create log file /var/tmp/mail.send and grant it “a+rw” rights, make the wrapper executable, rename old sendmail and link it to the new wrapper:
~# touch /var/tmp/mail.send
~# chmod a+rw /var/tmp/mail.send
~# chmod a+x /var/qmail/bin/sendmail-wrapper
~# mv /var/qmail/bin/sendmail /var/qmail/bin/sendmail-qmail
~# ln -s /var/qmail/bin/sendmail-wrapper /var/qmail/bin/sendmail
3) Wait for an hour or so and revert sendmail back:
~# rm -f /var/qmail/bin/sendmail
~# ln -s /var/qmail/bin/sendmail-qmail /var/qmail/bin/sendmail
Examine /var/tmp/mail.send file, there should be lines starting with “X-Additional-Header:” pointing out to domains’ folders where the scripts which sent the mail are located.
You can see all the folders mail PHP scripts were run from with the following command:
~# grep X-Additional /var/tmp/mail.send | grep `cat /etc/psa/psa.conf | grep HTTPD_VHOSTS_D | sed -e ‘s/HTTPD_VHOSTS_D//’ `
f you see no output from the command above, it means that no mail was sent using PHP mail() function from the Plesk virtual hosts directory.