How to Find a Spamming Account in Postfix or Plesk
To provide a mail service, Plesk supports two mail transfer agents: Postfix and qmail.
Plesk uses only one mail transfer agent at a time. You can check which of them is currently enabled on the following page: Server Administration Panel > Tools & Settings > Services Management
By default, Plesk for Linux uses Postfix for sending and receiving mail through the SMTP and SMTPS protocols.
Now we can check which account is spamming on Postfix:
The following command provides a list of the accounts with mail in the queue, sorted by message count so that the accounts with the most queued mail come last. This usually means a maximum of 2 or 3 spammers at the end of the list:
mailq | grep '^[A-F0-9]' | cut -c 42-80 | sort | uniq -c | sort -n | tail
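The following command counts the messages logged with status=sent for each recipient address (the address in the to=<...> field of the log line):
grep "status=sent" /var/log/maillog | cut -d "=" -f 2 | cut -d ">" -f 1 | cut -d "<" -f 2 | sort -n | uniq -c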
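The following command counts Dovecot "Aborted login" entries, grouped by the value it cuts out of the third comma-separated field of each line (which value lands there depends on the Dovecot log format):
grep "dovecot" /var/log/maillog | grep "Aborted login" | cut -d "," -f 3 | cut -d ":" -f 4 | sort -n | uniq -c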
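A field-based variant of the mailq pipeline above, as an added example that is not part of the original article: it picks the sender by whitespace-separated field instead of by character column, so queue-ID status flags, long queue IDs and an empty queue do not skew the counts. The function names and the sample queue listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: count queued messages per envelope sender from mailq output.

# Reads mailq (postqueue -p) output on stdin and prints "<count> <sender>",
# busiest sender last. It splits on whitespace, so it does not rely on the
# character columns that `cut -c 42-80` assumes.
queue_senders() {
  awk '
    # A queue entry line starts with the queue ID, optionally followed by
    # "*" (active) or "!" (on hold), then size, a 4-field date, the sender.
    # Long queue IDs use characters outside A-F, hence [0-9A-Za-z].
    # NF >= 7 skips "Mail queue is empty"; the header and summary lines
    # start with "-", recipient lines with blanks, defer reasons with "(".
    /^[0-9A-Za-z]+[*!]?[ \t]/ && NF >= 7 { count[$7]++ }
    END { for (s in count) printf "%d %s\n", count[s], s }
  ' | LC_ALL=C sort -k1,1n -k2,2
}

# Constructed sample of mailq output (queue IDs and addresses are made up).
sample_mailq() {
  cat <<'EOF'
-Queue ID-  --Size-- ----Arrival Time---- -Sender/Recipient-------
3F2A1B0C9D*    2210 Mon Mar  3 10:15:01  bulk@example.com
                                         a@example.net

4A5B6C7D8E     1875 Mon Mar  3 10:15:04  bulk@example.com
(connect to mx.example.org[192.0.2.10]:25: Connection timed out)
                                         b@example.org

5C6D7E8F90!     912 Mon Mar  3 10:16:30  MAILER-DAEMON
                                         c@example.net

6D7E8F9012      640 Mon Mar  3 10:17:12  info@example.com
                                         d@example.net

7E8F901234     3301 Mon Mar  3 10:18:45  bulk@example.com
                                         e@example.net

-- 8 Kbytes in 5 Requests.
EOF
}

# Demo on the sample; on a server run: mailq | queue_senders
sample_mailq | queue_senders
```

A high count for MAILER-DAEMON means queued bounce messages rather than one account sending mail, so read that row separately from the per-account counts.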