Find SPAM senders using Postfix with SSH
Postfix is the message transfer agent (MTA) installed with our Plesk Linux servers to relay email. It's difficult to fully analyze Postfix's logs to determine if SPAM is coming from a malicious script or an email user. The steps below will help you determine if an email account/mailbox user is the source of SPAM.
- Enable administrator access on your Gen 3 or Gen 4 server if you haven't already done so.
- Connect to my server with SSH (Secure Shell).
- Switch to the root user.
-
Run this command to see which email accounts have been accessed the most to send mail. If you don't find an email account with excessive use, it's likely a script is responsible.
[root@server ~]# zgrep -h 'sasl_method' /var/log/maillog* | cut -d' ' -f9 | cut -d= -f2 | sort | uniq -c | sort -nr 10457 info@coolexample.com 22 jane@coolexample.com 14 richard@coolexample.com 10 PLAIN, 3 spot@coolexample.com
Related steps
- You can also find SPAM senders in Plesk Linux.
- Scripts can also be the cause of SPAM. See how you can enable PHPMail logging in Plesk Linux.
- Take steps to prevent SPAM issues on your server.
- Return to review email spam issues on your server.
More info
- Our server experts can perform these steps for a fee. For more information about our Expert Services, please visit our Expert Service menu.