We help IT Professionals succeed at work.

qmail with Plesk ceases to work after spam emails deleted from queue

Our server had been used by hackers to send spam emails.  Yesterday I used SSH to discover the files in /ver/qmail/queue, and delete them.   I also deleted a separate file that had been recently created called 'bouncer' in a spool directory.

Since my intervention, I cannot send emails out from the server.  What should I do?  I fear that my inexperience may make the matter worse!
Comment
Watch Question

Commented:
Yikes.  Manually removing email from the queue in Qmail is generally considered a big no-no as it currupts the queue.

Hmm, offhand, I can think of:

qmHandle - http://sourceforge.net/projects/qmhandle

This was really what you should have used to remove email from the queue.

Probably your best bet now would be to give John Simpson's queue fix script a go:

http://qmail.jms1.net/scripts/qfixq.shtml

I haven't used this particular script before but I've used most of his other ones and have never had a problem with them.

Do you have a support contract for your Plesk install?  You could try contacting the company if all else fails.

Author

Commented:
Thanks - I have tried qfixq, and it did try to restore the emails, but I fear that I must have trodden very heavily, because it has not come back.

My service provider - 1&1 - provides a 're-imaging' service.  I intend to attempt to back up the server, 're-image' it, then restore my websites.   As yet this is a new server with four lightly used sites on it, so this may not be too painful.

At the moment I'm having trouble finding a suitable FTP program to use on the server to make the backup - there seems to be no option in Plesk itself.  
1. You can build a easy script using lftp. If you can`t do it please reply and i`ll post something small yet efficient here.
2. I warmly suggest to re-imagine your machine after it was compromised.
3. You can find Plesk backup info here: http://download1.swsoft.com/Plesk/Plesk8.0/Doc/plesk-8-backup-restore-users-guide.pdf or a commercial version here http://www.4psa.com/products/4psatbackup.php

Author

Commented:
I re-imagined the server.  I have since had further intruders, and am currently installing clamAV to try to deal with them.
After re-imaging update your packages using yum/apt/up2date. Additionally update your plesk version by going to Servers>Updater

Explore More ContentExplore courses, solutions, and other research materials related to this topic.