Hi All, I'm plesk control panel administrator. In this few days I found there are many deferred message in mailq and I know that hosting server is sending hug spam message out. Here is the log from postfix.
Jan 6 09:01:27 hosting postfix/pickup[17047]: 5606D841517: uid=48 from=<apache> Jan 6 09:01:27 hosting postfix/cleanup[13394]: 5606D841517: message-id=<20110106020127.5606d841...@hosting.mydomain> Jan 6 09:01:27 hosting postfix/qmgr[11266]: 5606D841517: from=<apa...@hosting.mydomain>, size=1331, nrcpt=1 (queue active) Jan 6 02:01:27 hosting postfix/pickup[17047]: 5F5E28413EA: uid=48 from=<apache> Jan 6 02:01:27 hosting postfix/smtpd[5791]: connect from unknown[127.0.0.1] Jan 6 09:01:27 hosting postfix/cleanup[13816]: 5F5E28413EA: message-id=<20110106020127.5f5e2841...@hosting.mydomain> Jan 6 02:01:27 hosting postfix/smtpd[5791]: 698C3841678: client=unknown[127.0.0.1] Jan 6 09:01:27 hosting before-remote[17254]: check handlers for addr: apa...@hosting.mydomain Jan 6 09:01:27 hosting before-remote[17254]: check handlers for addr: kraus...@miavx1.muohio.edu Jan 6 09:01:27 hosting postfix/qmgr[11266]: 5F5E28413EA: from=<apa...@hosting.mydomain>, size=1312, nrcpt=1 (queue active) Jan 6 02:01:27 hosting postfix/pickup[17047]: 6E34184154F: uid=48 from=<apache> Jan 6 09:01:27 hosting postfix/cleanup[13816]: 6E34184154F: message-id=<20110106020127.6e341841...@hosting.mydomain> Jan 6 02:01:27 hosting postfix/smtpd[5796]: connect from unknown[127.0.0.1] Jan 6 09:01:27 hosting postfix/cleanup[13394]: 698C3841678: message-id=<20110106020127.5606d841...@hosting.mydomain> Jan 6 02:01:27 hosting postfix/pickup[17047]: 79BEA84161B: uid=48 from=<apache> Jan 6 09:01:27 hosting postfix/qmgr[11266]: 698C3841678: from=<apa...@hosting.mydomain>, size=1516, nrcpt=1 (queue active) Jan 6 09:01:27 hosting postfix/smtp[9936]: 5606D841517: to=< kraus...@miavx1.muohio.edu>, relay=127.0.0.1[127.0.0.1]:10027, delay=0.18, delays=0.07/0/0.04/0.07, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 698C3841678) Jan 6 09:01:27 hosting postfix/qmgr[11266]: 6E34184154F: from=<apa...@hosting.mydomain>, size=1308, nrcpt=1 (queue active) Jan 6 09:01:27 hosting postfix/cleanup[13816]: 79BEA84161B: message-id=<20110106020127.79bea841...@hosting.mydomain> Jan 6 02:01:27 hosting postfix/smtpd[5796]: 7AC95841841: client=unknown[127.0.0.1] Jan 6 02:01:27 hosting postfix/smtpd[5791]: disconnect from unknown[127.0.0.1] Jan 6 09:01:27 hosting postfix/qmgr[11266]: 5606D841517: removed Jan 6 09:01:27 hosting before-remote[17259]: check handlers for addr: apa...@hosting.mydomain Jan 6 09:01:27 hosting before-remote[17259]: check handlers for addr: kr...@buckeye.com Jan 6 02:01:27 hosting postfix/smtpd[5791]: connect from unknown[127.0.0.1] Jan 6 09:01:27 hosting postfix/qmgr[11266]: 79BEA84161B: from=<apa...@hosting.mydomain>, size=1334, nrcpt=1 (queue active) By analyse the log, I know that we might has customer who careless design that allow to send message out from php sites. Please give me an excuse I did ask plesk support but no solution or here is not the right place to ask these kind of question but I hope you all has experience on this or at least give me some advises. It's possible for postfix or maybe smtp client to trace which directory sending message from? or any advise how to prevent or solve this problem? or extend log file so that I have more possibilities to find out where is the problem come from? Thanks Makara -- The person who loves others will also be loved.
