Start Free Trial

asked on

Mail Server Queue Clogged

I have a linux server with a mail server running on it.

I am using Plesk 8.0.1 to manage my server but also have shell access to it.

I am running a PHP/MtSql application on that server.

Recently the mail server started making problems and the php application has been unable to send out emails.

When I check the mail queue in plesk I see tons of spam emails in there.

I am not very familiar with mail server management so I am wondering what I can do to get to the bottom of the issue.

What mail server are you using? Postfix?

ASKER

I think it's qmail.

How can I find out when logging onto the shell?

Do you know what OS you have? The following command will give you details about your kernel but will also usually spit out what OS is installed - e.g. Debian, Fedora, etc:

cat /proc/version

ASKER

this is what i get:

Linux version 2.6.16.27-061216a (root@buildd-amd64) (gcc version 3.3.5 (Debian 1:3.3.5-13)) #1 SMP Sat Dec 16 13:15:27 CET 2006

Ok, that makes it fairly easy because Debian uses the package tool apt.

To check what packages are installed, you can type the following:

dpkg -l | less

To check for a certain package, e.g. qmail, use the following:

dpkg -l | grep qmail

You can also check for Postfix, Exim

dpkg -l | grep postfix
dpkg -l | grep exim

ASKER

I get this: on any of the commands above:
-bash: dpkg: command not found

however I do know that there is a program running called qmail and it seems to be responsible for the outgoing emails

Ok, we'll just assume it's qmail then... What is the output you get when you enter
qmail-qread

It could be that you have a spammer on the server. Is it a shared server? Do you have a lot of users on it? It could also be a poorly coded script that is allowing spammers to advantage of a vulnerability to enable them to relay through your server.

See if qmail-qread gives you any hints as to who might be trying to relay the spam.

ASKER

it is giving me an endless list like this:

5 Feb 2008 11:33:49 GMT #699646401 2865 <anonymous@u15246640.onlinehome-server.com>
remote jje@sns.dk
5 Feb 2008 11:33:50 GMT #699646424 2874 <anonymous@u15246640.onlinehome-server.com>
remote jjellybelly@aol.com
5 Feb 2008 11:33:50 GMT #699646447 2868 <anonymous@u15246640.onlinehome-server.com>
remote jjensen@pc.dk
5 Feb 2008 11:34:06 GMT #699646355 2875 <anonymous@u15246640.onlinehome-server.com>
remote jjfbloem@iafrica.com
5 Feb 2008 11:34:07 GMT #699646378 2871 <anonymous@u15246640.onlinehome-server.com>
remote jjfoxbox@msn.com
5 Feb 2008 11:34:07 GMT #699646286 2883 <anonymous@u15246640.onlinehome-server.com>
remote jjgoulet@learn.senecac.on.ca
5 Feb 2008 11:34:08 GMT #699646309 2878 <anonymous@u15246640.onlinehome-server.com>
remote jjeskilstrup@dadlnet.dk
5 Feb 2008 11:34:09 GMT #699646332 2868 <anonymous@u15246640.onlinehome-server.com>
remote jjfdez@ual.es
5 Feb 2008 11:34:09 GMT #699646217 2876 <anonymous@u15246640.onlinehome-server.com>
remote jjfisk@inter-linc.net
5 Feb 2008 11:34:10 GMT #699646240 2873 <anonymous@u15246640.onlinehome-server.com>
remote jjgangluff@aol.com
5 Feb 2008 11:34:10 GMT #699646263 2876 <anonymous@u15246640.onlinehome-server.com>
remote jjgrau@medicina.ub.es
5 Feb 2008 11:34:35 GMT #699646125 2881 <anonymous@u15246640.onlinehome-server.com>
remote jjharris837@btinternet.com
5 Feb 2008 11:34:35 GMT #699646148 2869 <anonymous@u15246640.onlinehome-server.com>
remote jjhv@arpem.com
5 Feb 2008 11:34:36 GMT #699646171 2871 <anonymous@u15246640.onlinehome-server.com>
remote jjimmo@osets.com
5 Feb 2008 11:34:36 GMT #699646056 2865 <anonymous@u15246640.onlinehome-server.com>
remote jjj@abv.bg
5 Feb 2008 11:34:36 GMT #699646079 2882 <anonymous@u15246640.onlinehome-server.com>
remote jjjackson@lunarrepublic.com
5 Feb 2008 11:34:37 GMT #699646102 2872 <anonymous@u15246640.onlinehome-server.com>
remote jjhenry64@msn.com
5 Feb 2008 11:34:37 GMT #699645987 2871 <anonymous@u15246640.onlinehome-server.com>
remote jjhooper@shaw.ca
5 Feb 2008 11:34:37 GMT #699646010 2874 <anonymous@u15246640.onlinehome-server.com>
remote jjimenez@med.puc.cl
5 Feb 2008 11:34:38 GMT #699646033 2865 <anonymous@u15246640.onlinehome-server.com>
remote jjj@abv.bg
5 Feb 2008 11:34:38 GMT #699645895 2875 <anonymous@u15246640.onlinehome-server.com>
remote jjjack_r@yahoo.co.in
5 Feb 2008 11:34:58 GMT #699645918 2193 <anonymous@u15246640.onlinehome-server.com>
remote bursar@hawthorns.com
5 Feb 2008 11:34:58 GMT #699645941 2204 <anonymous@u15246640.onlinehome-server.com>
remote bursar@oldmalthouseschool.co.uk
5 Feb 2008 11:34:59 GMT #699645826 2198 <anonymous@u15246640.onlinehome-server.com>
remote bursar@rosehillschool.com
5 Feb 2008 11:34:59 GMT #699645849 2194 <anonymous@u15246640.onlinehome-server.com>
remote bursar@stmarys-gx.org
5 Feb 2008 11:35:00 GMT #699645872 2194 <anonymous@u15246640.onlinehome-server.com>
remote bursar@fitz.cam.ac.uk
5 Feb 2008 11:35:01 GMT #699645711 2189 <anonymous@u15246640.onlinehome-server.com>
remote bursar@obh.co.uk
5 Feb 2008 11:35:02 GMT #699645734 2204 <anonymous@u15246640.onlinehome-server.com>
remote bursar@st-georges-college.co.uk
5 Feb 2008 11:35:26 GMT #699645757 2887 <anonymous@u15246640.onlinehome-server.com>
remote jjjohnny_williams_sn10@yahoo.com
5 Feb 2008 11:35:26 GMT #699645642 2866 <anonymous@u15246640.onlinehome-server.com>
remote jjk@acm.org
5 Feb 2008 11:35:26 GMT #699645665 2868 <anonymous@u15246640.onlinehome-server.com>
remote jjkui@shaw.ca
5 Feb 2008 11:35:27 GMT #699645688 2875 <anonymous@u15246640.onlinehome-server.com>
remote jjleonvall@yahoo.com
5 Feb 2008 11:35:28 GMT #699645550 2887 <anonymous@u15246640.onlinehome-server.com>
remote jjjcr@erjudo-salvatore-bugli.com
5 Feb 2008 11:35:29 GMT #699645573 2873 <anonymous@u15246640.onlinehome-server.com>
remote jjjorchids@aol.com
5 Feb 2008 11:35:29 GMT #699645596 2874 <anonymous@u15246640.onlinehome-server.com>
remote jjkkjj2@virgilio.it
5 Feb 2008 11:35:29 GMT #699645481 2877 <anonymous@u15246640.onlinehome-server.com>
remote jjl.iversen@bmb.sdu.dk
5 Feb 2008 11:35:30 GMT #699645504 2870 <anonymous@u15246640.onlinehome-server.com>
remote jjlewis@shaw.ca
5 Feb 2008 11:35:49 GMT #699645527 2194 <anonymous@u15246640.onlinehome-server.com>
remote bureau@quayline.co.uk
5 Feb 2008 11:35:49 GMT #696448642 2192 <anonymous@u15246640.onlinehome-server.com>
remote burfordcook@aol.com
5 Feb 2008 11:35:49 GMT #696448665 2197 <anonymous@u15246640.onlinehome-server.com>
remote burgessian@btconnect.com
5 Feb 2008 11:35:50 GMT #696448688 2200 <anonymous@u15246640.onlinehome-server.com>
remote burley.manor@forestdale.com
5 Feb 2008 11:35:50 GMT #696448596 2200 <anonymous@u15246640.onlinehome-server.com>
remote burnham.reception@quest.com
5 Feb 2008 11:35:51 GMT #696448619 2196 <anonymous@u15246640.onlinehome-server.com>
remote burnleyg@edgehill.ac.uk
5 Feb 2008 11:35:51 GMT #696448527 2874 <anonymous@u15246640.onlinehome-server.com>
remote jjlscandig@yahoo.es
5 Feb 2008 11:35:51 GMT #696448550 2200 <anonymous@u15246640.onlinehome-server.com>
remote burrettfield@btinternet.com
5 Feb 2008 11:35:52 GMT #696448573 2882 <anonymous@u15246640.onlinehome-server.com>
remote jjmarco@viajessalamanca.com
5 Feb 2008 11:35:52 GMT #696448435 2870 <anonymous@u15246640.onlinehome-server.com>
remote jjmartos@ugr.es
5 Feb 2008 11:35:52 GMT #696448458 2877 <anonymous@u15246640.onlinehome-server.com>
remote jjmckay@jonesradio.net
5 Feb 2008 11:35:53 GMT #696448366 2196 <anonymous@u15246640.onlinehome-server.com>
remote bureelectricalco@fs.net
5 Feb 2008 11:35:53 GMT #696448389 2197 <anonymous@u15246640.onlinehome-server.com>
remote burgess.ifs@ntlworld.com
5 Feb 2008 11:35:54 GMT #696448412 2204 <anonymous@u15246640.onlinehome-server.com>
remote burgesshill@arjomerchants.co.uk
5 Feb 2008 11:35:54 GMT #696448297 2200 <anonymous@u15246640.onlinehome-server.com>
remote burgoine.bwd@btinternet.com
5 Feb 2008 11:35:54 GMT #696448320 2869 <anonymous@u15246640.onlinehome-server.com>
remote jjm@dlogue.net
5 Feb 2008 11:35:55 GMT #696448343 2874 <anonymous@u15246640.onlinehome-server.com>
remote jjmail@sympatico.ca
5 Feb 2008 11:35:55 GMT #696448228 2882 <anonymous@u15246640.onlinehome-server.com>
remote jjmarco@viajessalamanca.com
5 Feb 2008 11:35:55 GMT #696448251 2874 <anonymous@u15246640.onlinehome-server.com>
remote jjmartinez@brrd.com
5 Feb 2008 11:35:55 GMT #696448274 2205 <anonymous@u15246640.onlinehome-server.com>
remote burnham@sherriff-mountford.co.uk
5 Feb 2008 11:35:56 GMT #696448182 2196 <anonymous@u15246640.onlinehome-server.com>
remote burnleyg@edgehill.ac.uk
5 Feb 2008 11:35:56 GMT #696448205 2868 <anonymous@u15246640.onlinehome-server.com>
remote jjmni@msn.com
5 Feb 2008 11:35:57 GMT #696448113 2881 <anonymous@u15246640.onlinehome-server.com>
remote jjmtrading@mail.telepac.pt
5 Feb 2008 11:35:57 GMT #696448136 2201 <anonymous@u15246640.onlinehome-server.com>
remote burridge@perins.hants.sch.uk
5 Feb 2008 11:35:57 GMT #696448159 2202 <anonymous@u15246640.onlinehome-server.com>
remote bursar@birkenheadschool.co.uk
5 Feb 2008 11:36:14 GMT #696447975 2874 <anonymous@u15246640.onlinehome-server.com>
remote jjmurcia@serida.org
5 Feb 2008 11:36:15 GMT #696447998 2870 <anonymous@u15246640.onlinehome-server.com>
remote jjnk19@pobox.sk
5 Feb 2008 11:36:15 GMT #696448021 2874 <anonymous@u15246640.onlinehome-server.com>
remote jjoco76@freemail.hu
5 Feb 2008 11:36:15 GMT #696447906 2868 <anonymous@u15246640.onlinehome-server.com>
remote jjoggi@sol.dk
5 Feb 2008 11:36:16 GMT #696447929 2881 <anonymous@u15246640.onlinehome-server.com>
remote jjohnson@chass.utoronto.ca
5 Feb 2008 11:36:17 GMT #696447952 2874 <anonymous@u15246640.onlinehome-server.com>
remote jjmurcia@serida.org
5 Feb 2008 11:36:18 GMT #696447860 2870 <anonymous@u15246640.onlinehome-server.com>
remote jjo@olafsson.is
5 Feb 2008 11:36:19 GMT #696447883 2868 <anonymous@u15246640.onlinehome-server.com>
remote jjoggi@sol.dk
5 Feb 2008 11:36:20 GMT #696447791 2874 <anonymous@u15246640.onlinehome-server.com>
remote jjohnston@iafwa.org
5 Feb 2008 11:36:33 GMT #696447814 2873 <anonymous@u15246640.onlinehome-server.com>
remote jjones@agacgfm.org
5 Feb 2008 11:36:35 GMT #696447837 2871 <anonymous@u15246640.onlinehome-server.com>
remote jjooll@seznam.cz
5 Feb 2008 11:36:35 GMT #696447722 2187 <anonymous@u15246640.onlinehome-server.com>
remote bua@fish.co.uk

I interrupted it at one point because it didnt want to stop.

It is a dedicated server and I am using it for myself only. However it is possible that somewhere there is a badly coded script that is causing this. I have about 2400 user accounts on the php application that is running on the server.

Ok, I'm taking a wild guess that somewhere on your server is a PHP script that sends mail. A spammer must have discovered a vulnerability and is using e-mail injection to relay through your mail server. You would need to try and identify the script that's causing the problems, but if the only person that has access to the FTP server to upload and edit files is you, it might not be that difficult to identify the script. How many scripts do you have that are capable of sending mail?

Also, look through your access logs and see if you can identify the IP address of the spammer. Once you know the IP you can block them from in your mail server and deny access to your site. Of course they could be (and more than likely are) on a dynamic IP, but maybe if you send the ISP the IP and timestamp they might be able to hassle them a little.

ASKER

what is the best way to search for all potential scripts that could be causing the problem? a common function like mail()? How exaclty would the spammer utilize the weak script if he does not have access to the server? it also says "anonymous@u15246640.onlinehome-server.com", does this give any indication?

ASKER

also is there maybe a way to "listen" on the server to see what is going on and where there is activity. because it seems like the system is generating spam mail by the second, so maybe that would be a way to trace it...

>> what is the best way to search for all potential scripts
Depending on how many files and directories you have, you could use something like the following to search through your files:

grep -inr 'mail('

The '-i' flag is to ignore case, '-n' is to give you the line numbers where the code appears, and the '-r' is to do a recursive search.

>> How exactly would the spammer utilize the weak script
A spammer can easily do this by injecting code into the headers of the mail. The thing to remember is never trust any user input. For example, consider following:

A mail function could look like so:
mail($to, $subject, $body, $headers);

If a HTML form asks for the sender's email address, and your PHP creates $headers from the $from value:
$headers = "From: $from\n";

...a malicious user could do this:
$from = 'user@mysite.com%0ACc: otheruser@othersite.com%0ABcc: anotheruser@anothersite.com';

>> it also says "anonymous@u15246640.onlinehome-server.com", does this give any indication?
Yes - this usually implies that no From header is being sent, or the malicious user posted his address as "anonymous" - if the address is not a full formatted e-mail address, the mail server will automatically append the server's hostname.

>> also is there maybe a way to "listen" on the server to see what is going on
You could install logcheck, which will automatically filter out important data from your syslog and e-mail it to you on an hourly basis.

To install it, run the following command:
apt-get install logcheck

You can get more details here:
http://logcheck.org/
http://packages.debian.org/etch/logcheck

ASKER

and to temporarily fix the issues with my current mail servers, what can I do?
Can I disable access for emails using the anonynous address?
Does the command qmail-clean help in any way?

Not sure if qmail-clean will help much. I'm actually not that familiar with qmail.
There are two things that might help though. One is a script called qmail-remove which uses a regex to filter out and remove spam from your mail queue, and the other is a program which will filter your queue in future - from what I understand is that it puts the mails into a "fake" queue, filters for spam and then sends the genuine mail to the "real" mail queue.

qmail-remove
http://www.linuxmagic.com/opensource/qmail/qmail-remove/

qmail-qfilter can be installed via apt-get:
apt-cache search qmail-qfilter
apt-get install qmail-qfilter

http://untroubled.org/qmail-qfilter/

ASKER

i have actually never installed any application on this server so I would prefer a solution that does not require any installations.

ASKER

the grep command crashes, even when I enter grep -- help , it just loads but i dont see anything happening...

With Debian package management is extremely easy. If you wanted to remove (uninstall) the qmail-qfilter package afterwards, all you would need to do is:

apt-get remove qmail-qfilter

You could delete the mail queue but I'm guessing that the problem is going to repeat itself unless the PHP script is "patched". I don't know enough about qmail to give instructions for blocking outgoing mail by e-mail address. Chances are good that you get an answer to this in the Qmail zone though:
http:/Software/Server_Software/Email_Servers/Qmail/

Try running the following commands:

apt-get update
apt-get upgrade grep

ASKER

i get

-bash: apt-get: command not found

Are you logged in as root? What happens if you try:
/usr/bin/apt-get update

ASKER

yes i am in as root

it says "file or directory not found" when i enter that.

That's odd! How do you normally keep Debian updated? I don't suppose the command "aptitude" works, does it?

ASKER

no it doesnt work. i dont usually update the server, but have a third party manage an update it.

ASKER

do these files tell you anything?
error-log.txt
access-log2.txt
audit-log.txt
secure.txt
messages.txt

I did notice from the secure.txt file that you've got a cracker trying to get in to SSH. This is pretty common and there's a couple of things you can do to protect yourself - one is an app called DenyHosts, which automatically denies hostnames that are violating security (prevents dictionary attacks, brute force, etc), and the other is basically just changing your SSH port from 21 to something non-standard. This usually stops all the annoying script-kiddies.

The audit file looks like someone from South Africa attempting to infiltrate your server by uploading malicious scripts. Looks like the attempt failed but is there a chance someone else may have succeeded with an earlier attempt? Usually, these things are nothing to worry about - but only if your PHP scripts are secure, and if 3rd party software like for example Joomla are kept secure and updated.

I read that you can move your queue file. Qmail will automatically create a new queue with the correct ownership and permissions. This might be a temporary fix to your Qmail problem.

mv /var/qmail/queue /var/qmail/queue.old

If you do this, just make sure you stop qmail first.

ASKER

how do i stop qmail?

Normally, to stop a service in Debian, you would do following:
/etc/init.d/qmail stop

You can check if there is a qmail script in init.d by doing following:
ls -l /etc/init.d/

You could also try:
qmailctl stop

Ok wait, just because the server is Debian doesn't mean he's running the Apt Qmail package. Plesk is probably a customized source install.

If its a source install, there's usually a file called qmailctl that lets you control Qmail:

qmailctl stop
qmailctl start

etc.

As to manipulating the email queue, be careful as its easy to lock the whole queue up. I'd recommend using the following script to do the manipulation for you:

http://sourceforge.net/projects/qmhandle

Assuming you can figure out the commands for starting and stopping Qmail, add them in this script and you should be able to use it right away.

ASKER

i just found out that i am using fedora core 6 + plesk 8x.

does that change anything?

Well, that would explain why apt and dpkg etc. doesn't work :)

Does not really change much though. You'll still need to sort out the mail queue. Have you tried "qmailctl stop" to stop the mail server?

From what I've read, you should be able to just move the queue, but as I said, I've no experience with qmail so I cannot guarantee anything.

Hmm, if I'm not mistaken, doesn't PHP access the mail server via the sendmail executable of file link? I have the following 2 files on my system that tie into Qmail:

lrwxrwxrwx 1 root root 23 Dec 19 15:27 /usr/sbin/sendmail -> /var/qmail/bin/sendmail

lrwxrwxrwx 1 root root 23 Dec 19 15:27 /usr/lib/sendmail -> /var/qmail/bin/sendmail

I seem to recall that PHP lost emailing ability when I accidentally installed another MTA (long story) and it overwrote these links (and I had to restore these to be able to send via PHP again)

ASKER

it tells me

-bash: qmailctl: command not found

ASKER

i have these lines in my php.ini:

[mail function]
; For Win32 only.
SMTP = localhost
smtp_port = 25

; For Win32 only.
;sendmail_from = me@example.com

; For Unix only. You may supply arguments as well (default: "sendmail -t -i").
sendmail_path = /usr/sbin/sendmail -t -i

; Force the addition of the specified parameters to be passed as extra parameters
; to the sendmail binary. These parameters will always replace the value of
; the 5th parameter to mail(), even in safe mode.
;mail.force_extra_parameters =

that should read '...OR file link'

Hmm, I think you should have all of the Win32 stuff commented out.

ie. this:
SMTP = localhost
smtp_port = 25

Does /usr/sbin/sendmail exist? Run the following to see:

cd /usr/sbin
ls -al sendm*

Post what the output is here.

You can use following commands to check if /usr/sbin/sendmail is symlinked to /var/qmail/bin/sendmail :

ls -la /usr/sbin/

Look for sendmail and check if it has a symbolic link.

ASKER

syngin9:

output:
lrwxrwxrwx 1 root root 21 6. MÃ¤r 2007 sendmail -> /etc/alternatives/mta
-rwxr-xr-x 1 root root 175032 20. Apr 2005 sendmail.postfix
-rwxr-sr-x 1 root smmsp 761616 20. Jul 2006 sendmail.sendmail

Hmm that seemed to look a little strange (must be a Plesk rather than Qmail thing) I did come across the following though:

http://forums.overclockersclub.com/index.php?showtopic=72866&mode=threaded&pid=707625

"Yep. The whole sendmail thing is a bit of a mess. The sendmail symlink (sendmail -> /etc/alternatives/mta) is actually a symlink itself (/etc/alternatives/mta->/var/qmail/bin/sendmail)! Qmail seems to be customised by the people who make PLESK in this case. "

If that's the case, it's pointed to the right place. Does /var/qmail/bin/sendmail exist?

How many users do you have set up on this system? From that long queue list you posted, I 'd say that a spammer has managed to tap into one of the accounts to send spam out on. (judging by the alphabetical listing)

You should be able to manage your mail queue via Plesk itself.

To return your mail server to an operable state, delete the unwanted messages from the mail server's message queue.

To see the messages in the message queue and to delete them:

1. Click the Server shortcut in the navigation pane.
2. Click Mail icon in the Services group.
3. Click the Mail Queue tab. The following information will be presented:

To delete a message from the queue, select the corresponding check box and click Remove Selected. To delete all messages from the queue, select the check box in the upper-right corner of the messages list, and click Remove Selected.

ASKER

right now the mail queue is empty and does not get loaded (i restarted qmail). But when I try to use the script that was usually used to send out email notifications the email does not get sent out. it also does not make it into the mail queue. how can i find the cause?

Have a peek in the Apache error logs. Perhaps it will mention something in there.

You can also have a look in the mail logs and the syslog. Could be under /var/log/.

ASKER

there is nothing in the apache log. how can i check the mail log?

I don't know where your mail log is located but usually you would find most logs in /var/log/. I have Fedora 6 with Exim and my mail log is
/var/log/maillog

My system log is
/var/log/messages

I also have a couple of others:
/var/log/exim_mainlog
/var/log/exim_paniclog
/var/log/exim_rejectlog

I usually use lynx to read my logs:
lynx /var/log/maillog

You can also use grep or cat
cat /var/log/maillog | more
grep -i fail /var/log/mail*

ASKER

the file /var/log/maillog is empty

ASKER

the whole grep command doesnt seem to be working

grep is used to find certain strings within a file. It will not give any output if the string you are searching for is not present in the files in which grep is looking. It really only works if you know what you are looking for. The string I gave ("fail") was just an example. It can be handy if you're looking for a specific date or time.

cat should do the job though if you just want to take a look through the logs.

ASKER

ok, how should i proceed?

ASKER

even if i use grep with a word like "if" which definitely appears all over the code it returns nothing.

Ok, so your message q is now empty but you cannot send any mail out through the server, right?

Can you confirm that the mail server is running?

You should be able to test it with telnet:

telenet yourhostname.com 25

If not running, you should see something like this:

Trying xx.xx.xxx.xx...
telnet: connect to address xx.xx.xxx.xx: Connection refused
telnet: Unable to connect to remote host: Connection refused

If running, you should see something like this:

Trying xx.xx.xxx.xx...
Connected to yourhostname.com (xx.xx.xxx.xx).
Escape character is '^]'.
220-yourhostname.com ESMTP ....... .......
220-Mail server greeting.

ASKER

ok, how do i do that?

telnet yourhostname.com 25

ASKER

fyi: this is the function that is supposed to send mail and that used to work:
@mail( $this->strTo, $this->xheaders['Subject'], $this->fullBody, $this->headers );

this is what i get:

[root@u15246640 /]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 u15246640.onlinehome-server.com ESMTP

Oh right. When exactly did it stop working? Would you be able to copy the simple script below somewhere to your server and run it - just to see what the output is?

<?php
 
error_reporting(E_ALL);
 
function sendmail() {
	$to = 'you@yourdomain.com';
	$from = 'you@yourdomain.com';
	$subject = 'Probe ' . date('Y-m-d h:i:s');
	$message = 'Testing...';
	$mail = mail( $to,$subject,$message,"From: $from\r\n" );
	if ( $mail===true ) {
		$msg = "Message has been submitted.";
	} else {
		$msg = "Message could not be submitted.";
	}
	return $msg;
}
 
$action = isset($_POST['action']) ? $_POST['action'] : '';
 
if ( $action == 'send_mail' ) {
	$o = sendmail();
	echo "<h2>$o</h2>";
}
 
?>
 
<div>
	<form action="" method="post">
		<div>
			<input type="hidden" name="action" value="send_form" />
			<button type="submit">Test Mail</button>
		</div>
	</form>
</div>

Open in new window

ASKER

i put the script onto http://projectscenter.com/pcenterprise/email_test.php and changed it to what you see below. The output seems to be empty...

<?php
 
error_reporting(E_ALL);
 
function sendmail() {
	$to = 'nima1981@gmail.com';
	$from = 'sales@projectscenter.com';
	$subject = 'Probe ' . date('Y-m-d h:i:s');
	$message = 'Testing...';
	$mail = mail( $to,$subject,$message,"From: $from\r\n" );
	if ( $mail===true ) {
		$msg = "Message has been submitted.";
	} else {
		$msg = "Message could not be submitted.";
	}
	return $msg;
}
 
$action = isset($_POST['action']) ? $_POST['action'] : '';
 
if ( $action == 'send_mail' ) {
	$o = sendmail();
	echo "<h2>$o</h2>";
}
 
?>
 
<div>
	<form action="" method="post">
		<div>
			<input type="hidden" name="action" value="send_form" />
			<button type="submit">Test Mail</button>
		</div>
	</form>
</div>

Open in new window

ASKER

by the way, i see this message when i log in:
/usr/sbin/sendmail: Exec format error

Ok, check again to make sure qmail is running:
ps ax | grep qmail-send

Whether it is or not, try stopping and starting it:
/etc/init.d/qmail stop
/etc/init.d/qmail start

(According to Plesk/SWSoft, this is the way to start/stop qmail via command line. Another way to control it is through the Plesk control panel - you might want to try that first).

If you don't get any results, take a look into this log file:
/usr/local/psa/var/log/maillog

(According to SWSoft, that is where the mail error messages will be logged).

ASKER

this is the maillog content at the end, while i restarted it a couple of times from within plesk and also using the command you showed:

[root@u15246640 /]# tail -f /usr/local/psa/var/log/maillog
Feb 11 14:26:47 u15246640 relaylock: /var/qmail/bin/relaylock: mail from 209.250
Feb 11 14:36:00 u15246640 relaylock: /var/qmail/bin/relaylock: mail from 129.240
Feb 11 14:43:27 u15246640 relaylock: /var/qmail/bin/relaylock: mail from 209.250
Feb 11 14:46:07 u15246640 relaylock: /var/qmail/bin/relaylock: mail from 219.84.
Feb 11 15:09:30 u15246640 relaylock: /var/qmail/bin/relaylock: mail from 65.54.2
Feb 11 15:29:37 u15246640 relaylock: /var/qmail/bin/relaylock: mail from 82.150.
Feb 11 15:33:28 u15246640 relaylock: /var/qmail/bin/relaylock: mail from 209.250
Feb 11 15:49:43 u15246640 qmail: 1202762983.172630 status: exiting
Feb 11 15:50:00 u15246640 qmail: 1202763000.179039 status: local 0/200 remote 0/
Feb 11 15:50:07 u15246640 relaylock: /var/qmail/bin/relaylock: mail from 209.250
Feb 11 15:57:59 u15246640 relaylock: /var/qmail/bin/relaylock: mail from 127.0.0
Feb 11 15:58:05 u15246640 qmail: 1202763485.330916 status: exiting
Feb 11 15:58:05 u15246640 qmail: 1202763485.457063 status: local 0/200 remote 0/
Feb 11 15:58:06 u15246640 relaylock: /var/qmail/bin/relaylock: mail from 127.0.0
Feb 11 15:59:25 u15246640 qmail: 1202763565.275466 status: exiting
Feb 11 15:59:25 u15246640 qmail: 1202763565.403041 status: local 0/200 remote 0/20
Feb 11 15:59:26 u15246640 relaylock: /var/qmail/bin/relaylock: mail from 127.0.0.1:48213 (localhost)

this is the output from the first command you posted:

[root@u15246640 /]# ps ax | grep qmail-send
5741 ? S 0:00 qmail-send
6546 pts/0 S+ 0:00 grep qmail-send

ASKER CERTIFIED SOLUTION

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

ASKER

how can i post a pointer?

Wow, you 2 have been busy since I got off work yesterday ;o)

John Simpson's qfix (queue fixing) script worked great for me on a standard Qmail install too. (not sure if it would need to be any different on a Plesk install though)

http://qmail.jms1.net/scripts/qfixq.shtml

Also, I came across a post regarding the error '/usr/sbin/sendmail: Exec format error'. It mentioned that the file it was pointing too might be corrupt. (granted its for Postfix but its using the same standard sendmail link that yours is)

http://archives.neohapsis.com/archives/postfix/2006-06/0062.html

When you do an ls -al in /var/qmail/bin what does it say for the sendmail file? Mine looks like the following:

-rwxr-xr-x 1 root qmail 14040 2007-12-19 14:29 sendmail

ASKER

i found the script that allowed the spammers attacks. emails seem to be going out now but get caught in most spam folders. until the blacklistings expire i would like to use an email server managed by the hosting company. how can i change the php/sendmail configuration in order to use another smtp server?

Have a look at the Pear Mail package:
http://pear.php.net/package/Mail

ASKER

how can i change the sendmail configuration files or the php.ini in order to use another smtp server than is currently used?

CWS (haripriya)

No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I will leave the following recommendation for this question in the Cleanup topic area:
Delete with points refunded

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

cyberwebservice
Experts Exchange Cleanup Volunteer