- Plesk for Windows
Many email messages are being sent from PHP scripts on a server. How to find domains on which these scripts are running on Windows?
Note: For Linux, please take a look at this article.
Connect to the server via RDP.
Download and install the Process Monitor utility.
Start Process Monitor and choose only network activity on the settings bar:
Configure filter to show only TCP packets which were sent to port 25 of a local server and exclude Mail server using one more filter rule. Alternatively, download the this Process Monitor configuration file and import it to Process Monitor under File > Import Configuration file.
Wait until some records occur like on the screenshot:
Identify the spam subscription by analyzing the output of the 'User' field. In the above example, 'testtld' user represents subscription 'test.tld'