How to find Spamming Account in Postfix or Plesk

To provide a mail service, Plesk supports two mail transfer agents: Postfix and qmail.

Plesk uses only one mail transfer agent at a time. You can check which of them is currently enabled on the following page: Server Administration Panel > Tools & Settings > Services Management

By default, Plesk for Linux uses the Postfix for sending and receiving mail through the SMTP and SMTPS protocols.

Now we can check which account is spamming on Postfix:

The following command provides a sorted list of the accounts that have the most mail in the queue. This usually means a maximum of 2 or 3 spammers at the end of the list:

mailq|grep ^[A-F0-9]|cut -c 42-80|sort |uniq -c|sort -n|tail

grep “status=sent” /var/log/maillog |cut -d “=” -f 2 |cut -d “>” -f 1 |cut -d “<” -f 2 |sort -n |uniq -c

grep “dovecot” /var/log/maillog |grep “Aborted login” |cut -d “,” -f 3 |cut -d “:” -f 4 |sort -n |uniq -c