Fighting Spam on a Qmail Mail Server

When unsolicited email (spam) is sent indiscriminately to many mailboxes on your server at once, the mail queue can grow very large. The server then becomes overloaded and mail is delivered slowly.

To get rid of spam on your Qmail mail server:

  1. Make sure that all domains have the option "What to do with mail sent to non-existent users" set to "Reject".

    To change the value of this option for a domain, open it in the Control Panel, go to the Mail tab and click Change Settings.

  2. Make sure that there are no untrusted IP addresses or networks in the white list.

    To do this, go to Home > Mail Server Settings > White List tab. To remove untrusted IP addresses or networks, select them in the list and click Remove Selected.

  3. Check how many messages there are in the Qmail queue with:

    # /var/qmail/bin/qmail-qstat

    messages in queue: 27645

    messages in queue but not yet preprocessed: 82

    If there are too many messages in the queue, try to find out where the spam is coming from. If the mail is being sent by an authorized user, but not from a PHP script, you can find out which user sent most of the messages with the following command:

    # grep -i smtp_auth /usr/local/psa/var/log/maillog | grep -i user | awk '{print $11}' | sort | uniq -c | sort -n

    Note that the SMTP authorization option should be enabled on the server to see these records. The path to maillog may be different depending on the OS you use.

  4. Use the qmail-qread utility to read the message headers:

    # /var/qmail/bin/qmail-qread

    18 Jul 2005 15:03:07 GMT #2996948 9073 <user@domain.com> bouncing

    done remote user1@domain1.com

    done remote user2@domain2.com

    done remote user3@domain3.com

    ....

    The qmail-qread utility shows message senders and recipients. If a message has too many recipients, then it is probably spam.

  5. Try to find the message in the queue by its ID (for example, the message ID is #1234567):

    # find /var/qmail/queue/mess/ -name 1234567

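  6. Look at the message and find the last Received line. Each mail server that handles a message adds its own Received line above the existing ones, so the last one in the headers shows where the message was initially sent from.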
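
Steps 4 to 6 can be scripted. The following is an added example, not part of the original page: `qread_rank` counts recipients per queued message in qmail-qread output, and `last_received` prints the bottom-most Received header of a queue file located in step 5. The function names and the sample data are constructed for illustration, and the header layout assumed is the one shown in step 4.

```shell
#!/bin/sh
# Added example (not from the original page). Sample data below is constructed.

# Read qmail-qread output on stdin and print "<recipients> <id> <sender>" for
# every message with at least $1 recipients (default 3), busiest first.
qread_rank() {
    awk -v min="${1:-3}" '
        function flush() { if (id != "" && n >= min) print n, id, sender }
        # Header: "18 Jul 2005 15:03:07 GMT #2996948 9073 <sender> [bouncing]"
        $6 ~ /^#[0-9]+$/ { flush(); id = substr($6, 2); sender = $8; n = 0; next }
        # Recipient: "[done] remote|local address"
        $1 ~ /^(remote|local)$/ || $2 ~ /^(remote|local)$/ { n++ }
        END { flush() }
    ' | sort -rn
}

# Print the bottom-most Received header of message file $1 on one line.
# Only the header block (up to the first blank line) is read, and folded
# continuation lines are joined.
last_received() {
    awk '
        /^$/ { exit }                                  # end of headers
        /^[Rr]eceived:/ { cur = $0; keep = 1; next }   # newer match replaces older
        keep && /^[ \t]/ { sub(/^[ \t]+/, " "); cur = cur $0; next }
        { keep = 0 }                                   # some other header
        END { if (cur != "") print cur }
    ' "$1"
}

# Constructed qmail-qread output: one message with 3 recipients, one with 1.
sample_qread() {
    cat <<'EOF'
18 Jul 2005 15:03:07 GMT  #2996948  9073  <user@domain.com>  bouncing
  done remote user1@domain1.com
  done remote user2@domain2.com
  remote user3@domain3.com
18 Jul 2005 15:04:10 GMT  #2996950  1204  <alice@example.org>
  local bob@example.org
EOF
}

sample_qread | qread_rank 2    # prints: 3 2996948 <user@domain.com>
```

On a live server, pipe the real queue listing into the function instead of the sample, for example `/var/qmail/bin/qmail-qread | qread_rank 50`, where the threshold of 50 is an arbitrary starting point.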