Articles in this section

How to train SpamAssassin on Plesk server?
How to exclude a domain from DMARC check in Plesk for Linux
SpamAssassin rules can't be updated on CentOS 7 server with Plesk: config: SpamAssassin failed to parse line, is not valid for "util_rb_3tld"
Is Roundcube 1.4 secured against CVE-2026-25916 and CVE-2026-26079 in Plesk?
Integrating SmarterMail 100.0.9560 with Plesk fails: Login failure: Missing auth
Dovecot IMAP crashes on a Plesk server with Ubuntu 24.04: Panic: file imap-sieve-storage.c: line 216 (imap_sieve_add_mailbox_event): assertion failed
Unable to start Amavis: ERROR: MISSING REQUIRED ADDITIONAL MODULES: DBD::MariaDB
Unable to send or receive email with Plesk Email Security extension installed
It is not possible to receive messages coming from a specific domain to a specific mailbox on a Linux Plesk server. What can be checked?
How to configure Apache Solr search for Dovecot?
See more

How to identify spam source on Plesk for Windows Server

Kuzma Ivanov

Updated January 25, 2024 08:33

Plesk for Windows kb: how-to ABT: Group B

Applicable to:

Plesk for Windows

Question

Many email messages are being sent using PHP scripts from a Plesk server. How to find spamming subscriptions?

Answer

Connect to the Plesk server via RDP.
Download Process Monitor utility.
Run Procmon.exe.
Configure filter to show only TCP packets which are sent on port 25 of a local server: Download this Process Monitor configuration file and import it to Process Monitor at File > Import Configuration....
Make sure only network activity is enabled in the settings bar (enabled by default).
Wait for the entries to start being logged as on the following screenshot:

Click on the image to enlarge
Identify the spamming subscription by analyzing the output of the User table. In the example above, 'testtld' user represents the subscription 'test.tld'

Additional Information

How to determine the source of server abuse | MailEnable
For Linux, see this KB article.

1.png
(9 KB)
2.png
(90 KB)
1.PNG
(50 KB)
ProcmonConfiguration.pmc
(3 KB)

Comments

0 comments

Please sign in to leave a comment.