Find SPAM senders using Postfix with SSH
Postfix is the message transfer agent (MTA) installed with our Plesk Linux servers to relay email. It's difficult to fully analyze Postfix's logs to determine if SPAM is coming from a malicious script or an email user. The steps below will help you determine if an email account/mailbox user is the source of SPAM.
- Enable administrator access on your VPS Hosting if you haven't already done so.
- Connect to my server with SSH (Secure Shell).
- Switch to the root user.
-
Run this command to see which email accounts have been accessed the most to send mail. If you don't find an email account with excessive use, it's likely a script is responsible.
[root@server ~]# zgrep -h 'sasl_method' /var/log/maillog* | cut -d' ' -f9 | cut -d= -f2 | sort | uniq -c | sort -nr 10457 [email protected] 22 [email protected] 14 [email protected] 10 PLAIN, 3 [email protected]
Related steps
- You can also find SPAM senders in Plesk Linux.
- Scripts can also be the cause of SPAM. See how you can enable PHPMail logging in Plesk Linux.
- Take steps to prevent SPAM issues on your server.
- Return to review email spam issues on your server.