Mail Server Queue Clogged

I have a linux server with a mail server running on it.

I am using Plesk 8.0.1 to manage my server but also have shell access to it.

I am running a PHP/MtSql application on that server.

Recently the mail server started making problems and the php application has been unable to send out emails.

When I check the mail queue in plesk I see tons of spam emails in there.

I am not very familiar with mail server management so I am wondering what I can do to get to the bottom of the issue.
SWB-ConsultingAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Julian M.Web DeveloperCommented:
What mail server are you using? Postfix?
0
SWB-ConsultingAuthor Commented:
I think it's qmail.

How can I find out when logging onto the shell?
0
Julian M.Web DeveloperCommented:
Do you know what OS you have? The following command will give you details about your kernel but will also usually spit out what OS is installed - e.g. Debian, Fedora, etc:

cat /proc/version
0
Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

SWB-ConsultingAuthor Commented:
this is what i get:

Linux version 2.6.16.27-061216a (root@buildd-amd64) (gcc version 3.3.5 (Debian 1:3.3.5-13)) #1 SMP Sat Dec 16 13:15:27 CET 2006
0
Julian M.Web DeveloperCommented:
Ok, that makes it fairly easy because Debian uses the package tool apt.

To check what packages are installed, you can type the following:

dpkg -l | less

To check for a certain package, e.g. qmail, use the following:

dpkg -l | grep qmail

You can also check for Postfix, Exim

dpkg -l | grep postfix
dpkg -l | grep exim
0
SWB-ConsultingAuthor Commented:
I get this: on any of the commands above:
-bash: dpkg: command not found

however I do know that there is a program running called qmail and it seems to be responsible for the outgoing emails
0
Julian M.Web DeveloperCommented:
Ok, we'll just assume it's qmail then... What is the output you get when you enter
qmail-qread

It could be that you have a spammer on the server. Is it a shared server? Do you have a lot of users on it? It could also be a poorly coded script that is allowing spammers to advantage of a vulnerability to enable them to relay through your server.

See if qmail-qread gives you any hints as to who might be trying to relay the spam.
0
SWB-ConsultingAuthor Commented:
it is giving me an endless list like this:

5 Feb 2008 11:33:49 GMT  #699646401  2865  <anonymous@u15246640.onlinehome-server.com>
        remote  jje@sns.dk
5 Feb 2008 11:33:50 GMT  #699646424  2874  <anonymous@u15246640.onlinehome-server.com>
        remote  jjellybelly@aol.com
5 Feb 2008 11:33:50 GMT  #699646447  2868  <anonymous@u15246640.onlinehome-server.com>
        remote  jjensen@pc.dk
5 Feb 2008 11:34:06 GMT  #699646355  2875  <anonymous@u15246640.onlinehome-server.com>
        remote  jjfbloem@iafrica.com
5 Feb 2008 11:34:07 GMT  #699646378  2871  <anonymous@u15246640.onlinehome-server.com>
        remote  jjfoxbox@msn.com
5 Feb 2008 11:34:07 GMT  #699646286  2883  <anonymous@u15246640.onlinehome-server.com>
        remote  jjgoulet@learn.senecac.on.ca
5 Feb 2008 11:34:08 GMT  #699646309  2878  <anonymous@u15246640.onlinehome-server.com>
        remote  jjeskilstrup@dadlnet.dk
5 Feb 2008 11:34:09 GMT  #699646332  2868  <anonymous@u15246640.onlinehome-server.com>
        remote  jjfdez@ual.es
5 Feb 2008 11:34:09 GMT  #699646217  2876  <anonymous@u15246640.onlinehome-server.com>
        remote  jjfisk@inter-linc.net
5 Feb 2008 11:34:10 GMT  #699646240  2873  <anonymous@u15246640.onlinehome-server.com>
        remote  jjgangluff@aol.com
5 Feb 2008 11:34:10 GMT  #699646263  2876  <anonymous@u15246640.onlinehome-server.com>
        remote  jjgrau@medicina.ub.es
5 Feb 2008 11:34:35 GMT  #699646125  2881  <anonymous@u15246640.onlinehome-server.com>
        remote  jjharris837@btinternet.com
5 Feb 2008 11:34:35 GMT  #699646148  2869  <anonymous@u15246640.onlinehome-server.com>
        remote  jjhv@arpem.com
5 Feb 2008 11:34:36 GMT  #699646171  2871  <anonymous@u15246640.onlinehome-server.com>
        remote  jjimmo@osets.com
5 Feb 2008 11:34:36 GMT  #699646056  2865  <anonymous@u15246640.onlinehome-server.com>
        remote  jjj@abv.bg
5 Feb 2008 11:34:36 GMT  #699646079  2882  <anonymous@u15246640.onlinehome-server.com>
        remote  jjjackson@lunarrepublic.com
5 Feb 2008 11:34:37 GMT  #699646102  2872  <anonymous@u15246640.onlinehome-server.com>
        remote  jjhenry64@msn.com
5 Feb 2008 11:34:37 GMT  #699645987  2871  <anonymous@u15246640.onlinehome-server.com>
        remote  jjhooper@shaw.ca
5 Feb 2008 11:34:37 GMT  #699646010  2874  <anonymous@u15246640.onlinehome-server.com>
        remote  jjimenez@med.puc.cl
5 Feb 2008 11:34:38 GMT  #699646033  2865  <anonymous@u15246640.onlinehome-server.com>
        remote  jjj@abv.bg
5 Feb 2008 11:34:38 GMT  #699645895  2875  <anonymous@u15246640.onlinehome-server.com>
        remote  jjjack_r@yahoo.co.in
5 Feb 2008 11:34:58 GMT  #699645918  2193  <anonymous@u15246640.onlinehome-server.com>
        remote  bursar@hawthorns.com
5 Feb 2008 11:34:58 GMT  #699645941  2204  <anonymous@u15246640.onlinehome-server.com>
        remote  bursar@oldmalthouseschool.co.uk
5 Feb 2008 11:34:59 GMT  #699645826  2198  <anonymous@u15246640.onlinehome-server.com>
        remote  bursar@rosehillschool.com
5 Feb 2008 11:34:59 GMT  #699645849  2194  <anonymous@u15246640.onlinehome-server.com>
        remote  bursar@stmarys-gx.org
5 Feb 2008 11:35:00 GMT  #699645872  2194  <anonymous@u15246640.onlinehome-server.com>
        remote  bursar@fitz.cam.ac.uk
5 Feb 2008 11:35:01 GMT  #699645711  2189  <anonymous@u15246640.onlinehome-server.com>
        remote  bursar@obh.co.uk
5 Feb 2008 11:35:02 GMT  #699645734  2204  <anonymous@u15246640.onlinehome-server.com>
        remote  bursar@st-georges-college.co.uk
5 Feb 2008 11:35:26 GMT  #699645757  2887  <anonymous@u15246640.onlinehome-server.com>
        remote  jjjohnny_williams_sn10@yahoo.com
5 Feb 2008 11:35:26 GMT  #699645642  2866  <anonymous@u15246640.onlinehome-server.com>
        remote  jjk@acm.org
5 Feb 2008 11:35:26 GMT  #699645665  2868  <anonymous@u15246640.onlinehome-server.com>
        remote  jjkui@shaw.ca
5 Feb 2008 11:35:27 GMT  #699645688  2875  <anonymous@u15246640.onlinehome-server.com>
        remote  jjleonvall@yahoo.com
5 Feb 2008 11:35:28 GMT  #699645550  2887  <anonymous@u15246640.onlinehome-server.com>
        remote  jjjcr@erjudo-salvatore-bugli.com
5 Feb 2008 11:35:29 GMT  #699645573  2873  <anonymous@u15246640.onlinehome-server.com>
        remote  jjjorchids@aol.com
5 Feb 2008 11:35:29 GMT  #699645596  2874  <anonymous@u15246640.onlinehome-server.com>
        remote  jjkkjj2@virgilio.it
5 Feb 2008 11:35:29 GMT  #699645481  2877  <anonymous@u15246640.onlinehome-server.com>
        remote  jjl.iversen@bmb.sdu.dk
5 Feb 2008 11:35:30 GMT  #699645504  2870  <anonymous@u15246640.onlinehome-server.com>
        remote  jjlewis@shaw.ca
5 Feb 2008 11:35:49 GMT  #699645527  2194  <anonymous@u15246640.onlinehome-server.com>
        remote  bureau@quayline.co.uk
5 Feb 2008 11:35:49 GMT  #696448642  2192  <anonymous@u15246640.onlinehome-server.com>
        remote  burfordcook@aol.com
5 Feb 2008 11:35:49 GMT  #696448665  2197  <anonymous@u15246640.onlinehome-server.com>
        remote  burgessian@btconnect.com
5 Feb 2008 11:35:50 GMT  #696448688  2200  <anonymous@u15246640.onlinehome-server.com>
        remote  burley.manor@forestdale.com
5 Feb 2008 11:35:50 GMT  #696448596  2200  <anonymous@u15246640.onlinehome-server.com>
        remote  burnham.reception@quest.com
5 Feb 2008 11:35:51 GMT  #696448619  2196  <anonymous@u15246640.onlinehome-server.com>
        remote  burnleyg@edgehill.ac.uk
5 Feb 2008 11:35:51 GMT  #696448527  2874  <anonymous@u15246640.onlinehome-server.com>
        remote  jjlscandig@yahoo.es
5 Feb 2008 11:35:51 GMT  #696448550  2200  <anonymous@u15246640.onlinehome-server.com>
        remote  burrettfield@btinternet.com
5 Feb 2008 11:35:52 GMT  #696448573  2882  <anonymous@u15246640.onlinehome-server.com>
        remote  jjmarco@viajessalamanca.com
5 Feb 2008 11:35:52 GMT  #696448435  2870  <anonymous@u15246640.onlinehome-server.com>
        remote  jjmartos@ugr.es
5 Feb 2008 11:35:52 GMT  #696448458  2877  <anonymous@u15246640.onlinehome-server.com>
        remote  jjmckay@jonesradio.net
5 Feb 2008 11:35:53 GMT  #696448366  2196  <anonymous@u15246640.onlinehome-server.com>
        remote  bureelectricalco@fs.net
5 Feb 2008 11:35:53 GMT  #696448389  2197  <anonymous@u15246640.onlinehome-server.com>
        remote  burgess.ifs@ntlworld.com
5 Feb 2008 11:35:54 GMT  #696448412  2204  <anonymous@u15246640.onlinehome-server.com>
        remote  burgesshill@arjomerchants.co.uk
5 Feb 2008 11:35:54 GMT  #696448297  2200  <anonymous@u15246640.onlinehome-server.com>
        remote  burgoine.bwd@btinternet.com
5 Feb 2008 11:35:54 GMT  #696448320  2869  <anonymous@u15246640.onlinehome-server.com>
        remote  jjm@dlogue.net
5 Feb 2008 11:35:55 GMT  #696448343  2874  <anonymous@u15246640.onlinehome-server.com>
        remote  jjmail@sympatico.ca
5 Feb 2008 11:35:55 GMT  #696448228  2882  <anonymous@u15246640.onlinehome-server.com>
        remote  jjmarco@viajessalamanca.com
5 Feb 2008 11:35:55 GMT  #696448251  2874  <anonymous@u15246640.onlinehome-server.com>
        remote  jjmartinez@brrd.com
5 Feb 2008 11:35:55 GMT  #696448274  2205  <anonymous@u15246640.onlinehome-server.com>
        remote  burnham@sherriff-mountford.co.uk
5 Feb 2008 11:35:56 GMT  #696448182  2196  <anonymous@u15246640.onlinehome-server.com>
        remote  burnleyg@edgehill.ac.uk
5 Feb 2008 11:35:56 GMT  #696448205  2868  <anonymous@u15246640.onlinehome-server.com>
        remote  jjmni@msn.com
5 Feb 2008 11:35:57 GMT  #696448113  2881  <anonymous@u15246640.onlinehome-server.com>
        remote  jjmtrading@mail.telepac.pt
5 Feb 2008 11:35:57 GMT  #696448136  2201  <anonymous@u15246640.onlinehome-server.com>
        remote  burridge@perins.hants.sch.uk
5 Feb 2008 11:35:57 GMT  #696448159  2202  <anonymous@u15246640.onlinehome-server.com>
        remote  bursar@birkenheadschool.co.uk
5 Feb 2008 11:36:14 GMT  #696447975  2874  <anonymous@u15246640.onlinehome-server.com>
        remote  jjmurcia@serida.org
5 Feb 2008 11:36:15 GMT  #696447998  2870  <anonymous@u15246640.onlinehome-server.com>
        remote  jjnk19@pobox.sk
5 Feb 2008 11:36:15 GMT  #696448021  2874  <anonymous@u15246640.onlinehome-server.com>
        remote  jjoco76@freemail.hu
5 Feb 2008 11:36:15 GMT  #696447906  2868  <anonymous@u15246640.onlinehome-server.com>
        remote  jjoggi@sol.dk
5 Feb 2008 11:36:16 GMT  #696447929  2881  <anonymous@u15246640.onlinehome-server.com>
        remote  jjohnson@chass.utoronto.ca
5 Feb 2008 11:36:17 GMT  #696447952  2874  <anonymous@u15246640.onlinehome-server.com>
        remote  jjmurcia@serida.org
5 Feb 2008 11:36:18 GMT  #696447860  2870  <anonymous@u15246640.onlinehome-server.com>
        remote  jjo@olafsson.is
5 Feb 2008 11:36:19 GMT  #696447883  2868  <anonymous@u15246640.onlinehome-server.com>
        remote  jjoggi@sol.dk
5 Feb 2008 11:36:20 GMT  #696447791  2874  <anonymous@u15246640.onlinehome-server.com>
        remote  jjohnston@iafwa.org
5 Feb 2008 11:36:33 GMT  #696447814  2873  <anonymous@u15246640.onlinehome-server.com>
        remote  jjones@agacgfm.org
5 Feb 2008 11:36:35 GMT  #696447837  2871  <anonymous@u15246640.onlinehome-server.com>
        remote  jjooll@seznam.cz
5 Feb 2008 11:36:35 GMT  #696447722  2187  <anonymous@u15246640.onlinehome-server.com>
        remote  bua@fish.co.uk

I interrupted it at one point because it didnt want to stop.

It is a dedicated server and I am using it for myself only. However it is possible that somewhere there is a badly coded script that is causing this. I have about 2400 user accounts on the php application that is running on the server.
0
Julian M.Web DeveloperCommented:
Ok, I'm taking a wild guess that somewhere on your server is a PHP script that sends mail. A spammer must have discovered a vulnerability and is using e-mail injection to relay through your mail server. You would need to try and identify the script that's causing the problems, but if the only person that has access to the FTP server to upload and edit files is you, it might not be that difficult to identify the script. How many scripts do you have that are capable of sending mail?

Also, look through your access logs and see if you can identify the IP address of the spammer. Once you know the IP you can block them from in your mail server and deny access to your site. Of course they could be (and more than likely are) on a dynamic IP, but maybe if you send the ISP the IP and timestamp they might be able to hassle them a little.
0
SWB-ConsultingAuthor Commented:
what is the best way to search for all potential scripts that could be causing the problem? a common function like mail()? How exaclty would the spammer utilize the weak script if he does not have access to the server? it also says "anonymous@u15246640.onlinehome-server.com", does this give any indication?
0
SWB-ConsultingAuthor Commented:
also is there maybe a way to "listen" on the server to see what is going on and where there is activity. because it seems like the system is generating spam mail by the second, so maybe that would be a way to trace it...
0
Julian M.Web DeveloperCommented:
>> what is the best way to search for all potential scripts
Depending on how many files and directories you have, you could use something like the following to search through your files:

grep -inr 'mail('

The '-i' flag is to ignore case, '-n' is to give you the line numbers where the code appears, and the '-r' is to do a recursive search.

>> How exactly would the spammer utilize the weak script
A spammer can easily do this by injecting code into the headers of the mail. The thing to remember is never trust any user input. For example, consider following:

A mail function could look like so:
mail($to, $subject, $body, $headers);

If a HTML form asks for the sender's email address, and your PHP creates $headers from the $from value:
$headers = "From: $from\n";

...a malicious user could do this:
$from = 'user@mysite.com%0ACc: otheruser@othersite.com%0ABcc: anotheruser@anothersite.com';

>> it also says "anonymous@u15246640.onlinehome-server.com", does this give any indication?
Yes - this usually implies that no From header is being sent, or the malicious user posted his address as "anonymous" - if the address is not a full formatted e-mail address, the mail server will automatically append the server's hostname.
0
Julian M.Web DeveloperCommented:
>> also is there maybe a way to "listen" on the server to see what is going on
You could install logcheck, which will automatically filter out important data from your syslog and e-mail it to you on an hourly basis.

To install it, run the following command:
apt-get install logcheck

You can get more details here:
http://logcheck.org/
http://packages.debian.org/etch/logcheck
0
SWB-ConsultingAuthor Commented:
and to temporarily fix the issues with my current mail servers, what can I do?
Can I disable access for emails using the anonynous address?
Does the command qmail-clean help in any way?
0
Julian M.Web DeveloperCommented:
Not sure if qmail-clean will help much. I'm actually not that familiar with qmail.
There are two things that might help though. One is a script called qmail-remove which uses a regex to filter out and remove spam from your mail queue, and the other is a program which will filter your queue in future - from what I understand is that it puts the mails into a "fake" queue, filters for spam and then sends the genuine mail to the "real" mail queue.

qmail-remove
http://www.linuxmagic.com/opensource/qmail/qmail-remove/

qmail-qfilter can be installed via apt-get:
apt-cache search qmail-qfilter
apt-get install qmail-qfilter
0
Julian M.Web DeveloperCommented:
0
SWB-ConsultingAuthor Commented:
i have actually never installed any application on this server so I would prefer a solution that does not require any installations.
0
SWB-ConsultingAuthor Commented:
the grep command crashes, even when I enter grep -- help , it just loads but i dont see anything happening...
0
Julian M.Web DeveloperCommented:
With Debian package management is extremely easy. If you wanted to remove (uninstall) the qmail-qfilter package afterwards, all you would need to do is:

apt-get remove qmail-qfilter

You could delete the mail queue but I'm guessing that the problem is going to repeat itself unless the PHP script is "patched". I don't know enough about qmail to give instructions for blocking outgoing mail by e-mail address. Chances are good that you get an answer to this in the Qmail zone though:
http:/Software/Server_Software/Email_Servers/Qmail/

Try running the following commands:

apt-get update
apt-get upgrade grep
0
SWB-ConsultingAuthor Commented:
i get

-bash: apt-get: command not found
0
Julian M.Web DeveloperCommented:
Are you logged in as root? What happens if you try:
/usr/bin/apt-get update
0
SWB-ConsultingAuthor Commented:
yes i am in as root

it says "file or directory not found" when i enter that.
0
Julian M.Web DeveloperCommented:
That's odd! How do you normally keep Debian updated? I don't suppose the command "aptitude" works, does it?
0
SWB-ConsultingAuthor Commented:
no it doesnt work. i dont usually update the server, but have a third party manage an update it.
0
SWB-ConsultingAuthor Commented:
0
Julian M.Web DeveloperCommented:
I did notice from the secure.txt file that you've got a cracker trying to get in to SSH. This is pretty common and there's a couple of things you can do to protect yourself - one is an app called DenyHosts, which automatically denies hostnames that are violating security (prevents dictionary attacks, brute force, etc), and the other is basically just changing your SSH port from 21 to something non-standard. This usually stops all the annoying script-kiddies.

The audit file looks like someone from South Africa attempting to infiltrate your server by uploading malicious scripts. Looks like the attempt failed but is there a chance someone else may have succeeded with an earlier attempt? Usually, these things are nothing to worry about - but only if your PHP scripts are secure, and if 3rd party software like for example Joomla are kept secure and updated.

I read that you can move your queue file. Qmail will automatically create a new queue with the correct ownership and permissions. This might be a temporary fix to your Qmail problem.

mv /var/qmail/queue /var/qmail/queue.old

If you do this, just make sure you stop qmail first.
0
SWB-ConsultingAuthor Commented:
how do i stop qmail?
0
Julian M.Web DeveloperCommented:
Normally, to stop a service in Debian, you would do following:
/etc/init.d/qmail stop

You can check if there is a qmail script in init.d by doing following:
ls -l /etc/init.d/

You could also try:
qmailctl stop
0
Syngin9Commented:
Ok wait, just because the server is Debian doesn't mean he's running the Apt Qmail package.  Plesk is probably a customized source install.

If its a source install, there's usually a file called qmailctl that lets you control Qmail:

qmailctl stop
qmailctl start

etc.

As to manipulating the email queue, be careful as its easy to lock the whole queue up.  I'd recommend using the following script to do the manipulation for you:

http://sourceforge.net/projects/qmhandle

Assuming you can figure out the commands for starting and stopping Qmail, add them in this script and you should be able to use it right away.
0
SWB-ConsultingAuthor Commented:
i just found out that i am using fedora core 6 + plesk 8x.

does that change anything?
0
Julian M.Web DeveloperCommented:
Well, that would explain why apt and dpkg etc. doesn't work :)

Does not really change much though. You'll still need to sort out the mail queue. Have you tried "qmailctl stop" to stop the mail server?

From what I've read, you should be able to just move the queue, but as I said, I've no experience with qmail so I cannot guarantee anything.
0
Syngin9Commented:
Hmm, if I'm not mistaken, doesn't PHP access the mail server via the sendmail executable of file link?  I have the following 2 files on my system that tie into Qmail:

lrwxrwxrwx 1 root root 23 Dec 19 15:27 /usr/sbin/sendmail -> /var/qmail/bin/sendmail

lrwxrwxrwx 1 root root 23 Dec 19 15:27 /usr/lib/sendmail -> /var/qmail/bin/sendmail

I seem to recall that PHP lost emailing ability when I accidentally installed another MTA (long story) and it overwrote these links (and I had to restore these to be able to send via PHP again)
0
SWB-ConsultingAuthor Commented:
it tells me

-bash: qmailctl: command not found
0
SWB-ConsultingAuthor Commented:
i have these lines in my php.ini:

[mail function]
; For Win32 only.
SMTP = localhost
smtp_port = 25

; For Win32 only.
;sendmail_from = me@example.com

; For Unix only.  You may supply arguments as well (default: "sendmail -t -i").
sendmail_path = /usr/sbin/sendmail -t -i

; Force the addition of the specified parameters to be passed as extra parameters
; to the sendmail binary. These parameters will always replace the value of
; the 5th parameter to mail(), even in safe mode.
;mail.force_extra_parameters =
0
Syngin9Commented:
that should read '...OR file link'
0
Syngin9Commented:
Hmm, I think you should have all of the Win32 stuff commented out.

ie. this:
SMTP = localhost
smtp_port = 25

Does /usr/sbin/sendmail exist?  Run the following to see:

cd /usr/sbin
ls -al sendm*

Post what the output is here.
0
Julian M.Web DeveloperCommented:
You can use following commands to check if /usr/sbin/sendmail is symlinked to /var/qmail/bin/sendmail :

ls -la /usr/sbin/

Look for sendmail and check if it has a symbolic link.
0
SWB-ConsultingAuthor Commented:
syngin9:

output:
lrwxrwxrwx  1 root root      21  6. Mär 2007  sendmail -> /etc/alternatives/mta
-rwxr-xr-x  1 root root  175032 20. Apr 2005  sendmail.postfix
-rwxr-sr-x  1 root smmsp 761616 20. Jul 2006  sendmail.sendmail
0
Syngin9Commented:
Hmm that seemed to look a little strange (must be a Plesk rather than Qmail thing)  I did come across the following though:

http://forums.overclockersclub.com/index.php?showtopic=72866&mode=threaded&pid=707625

"Yep. The whole sendmail thing is a bit of a mess. The sendmail symlink (sendmail -> /etc/alternatives/mta) is actually a symlink itself (/etc/alternatives/mta->/var/qmail/bin/sendmail)! Qmail seems to be customised by the people who make PLESK in this case. "

If that's the case, it's pointed to the right place.  Does /var/qmail/bin/sendmail exist?

0
Syngin9Commented:
How many users do you have set up on this system?  From that long queue list you posted, I 'd say that a spammer has managed to tap into one of the accounts to send spam out on. (judging by the alphabetical listing)
0
Julian M.Web DeveloperCommented:
You should be able to manage your mail queue via Plesk itself.

To return your mail server to an operable state, delete the unwanted messages from the mail server's message queue.

To see the messages in the message queue and to delete them:

1. Click the Server shortcut in the navigation pane.
2. Click Mail icon in the Services group.
3. Click the Mail Queue tab. The following information will be presented:

To delete a message from the queue, select the corresponding check box and click Remove Selected. To delete all messages from the queue, select the check box in the upper-right corner of the messages list, and click Remove Selected.
0
SWB-ConsultingAuthor Commented:
right now the mail queue is empty and does not get loaded (i restarted qmail). But when I try to use the script that was usually used to send out email notifications the email does not get sent out. it also does not make it into the mail queue. how can i find the cause?
0
Syngin9Commented:
Have a peek in the Apache error logs.  Perhaps it will mention something in there.
0
Julian M.Web DeveloperCommented:
You can also have a look in the mail logs and the syslog. Could be under /var/log/.
0
SWB-ConsultingAuthor Commented:
there is nothing in the apache log. how can i check the mail log?
0
Julian M.Web DeveloperCommented:
I don't know where your mail log is located but usually you would find most logs in /var/log/. I have Fedora 6 with Exim and my mail log is
/var/log/maillog

My system log is
/var/log/messages

I also have a couple of others:
/var/log/exim_mainlog
/var/log/exim_paniclog
/var/log/exim_rejectlog

I usually use lynx to read my logs:
lynx /var/log/maillog

You can also use grep or cat
cat /var/log/maillog | more
grep -i fail /var/log/mail*
0
SWB-ConsultingAuthor Commented:
the file /var/log/maillog is empty
0
SWB-ConsultingAuthor Commented:
the whole grep command doesnt seem to be working
0
Julian M.Web DeveloperCommented:
grep is used to find certain strings within a file. It will not give any output if the string you are searching for is not present in the files in which grep is looking. It really only works if you know what you are looking for. The string I gave ("fail") was just an example. It can be handy if you're looking for a specific date or time.

cat should do the job though if you just want to take a look through the logs.
0
SWB-ConsultingAuthor Commented:
ok, how should i proceed?
0
SWB-ConsultingAuthor Commented:
even if i use grep with a word like "if" which definitely appears all over the code it returns nothing.
0
Julian M.Web DeveloperCommented:
Ok, so your message q is now empty but you cannot send any mail out through the server, right?

Can you confirm that the mail server is running?
0
Julian M.Web DeveloperCommented:
You should be able to test it with telnet:

telenet yourhostname.com 25

If not running, you should see something like this:

Trying xx.xx.xxx.xx...
telnet: connect to address xx.xx.xxx.xx: Connection refused
telnet: Unable to connect to remote host: Connection refused

If running, you should see something like this:

Trying xx.xx.xxx.xx...
Connected to yourhostname.com (xx.xx.xxx.xx).
Escape character is '^]'.
220-yourhostname.com  ESMTP ....... .......
220-Mail server greeting.
0
SWB-ConsultingAuthor Commented:
ok, how do i do that?
0
Julian M.Web DeveloperCommented:
telnet yourhostname.com 25
0
SWB-ConsultingAuthor Commented:
fyi: this is the function that is supposed to send mail and that used to work:
@mail( $this->strTo, $this->xheaders['Subject'], $this->fullBody, $this->headers );

this is what i get:

[root@u15246640 /]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 u15246640.onlinehome-server.com ESMTP
0
Julian M.Web DeveloperCommented:
Oh right. When exactly did it stop working? Would you be able to copy the simple script below somewhere to your server and run it - just to see what the output is?
<?php
 
error_reporting(E_ALL);
 
function sendmail() {
	$to = 'you@yourdomain.com';
	$from = 'you@yourdomain.com';
	$subject = 'Probe ' . date('Y-m-d h:i:s');
	$message = 'Testing...';
	$mail = mail( $to,$subject,$message,"From: $from\r\n" );
	if ( $mail===true ) {
		$msg = "Message has been submitted.";
	} else {
		$msg = "Message could not be submitted.";
	}
	return $msg;
}
 
$action = isset($_POST['action']) ? $_POST['action'] : '';
 
if ( $action == 'send_mail' ) {
	$o = sendmail();
	echo "<h2>$o</h2>";
}
 
?>
 
<div>
	<form action="" method="post">
		<div>
			<input type="hidden" name="action" value="send_form" />
			<button type="submit">Test Mail</button>
		</div>
	</form>
</div>

Open in new window

0
SWB-ConsultingAuthor Commented:
i put the script onto http://projectscenter.com/pcenterprise/email_test.php and changed it to what you see below. The output seems to be empty...

<?php
 
error_reporting(E_ALL);
 
function sendmail() {
	$to = 'nima1981@gmail.com';
	$from = 'sales@projectscenter.com';
	$subject = 'Probe ' . date('Y-m-d h:i:s');
	$message = 'Testing...';
	$mail = mail( $to,$subject,$message,"From: $from\r\n" );
	if ( $mail===true ) {
		$msg = "Message has been submitted.";
	} else {
		$msg = "Message could not be submitted.";
	}
	return $msg;
}
 
$action = isset($_POST['action']) ? $_POST['action'] : '';
 
if ( $action == 'send_mail' ) {
	$o = sendmail();
	echo "<h2>$o</h2>";
}
 
?>
 
<div>
	<form action="" method="post">
		<div>
			<input type="hidden" name="action" value="send_form" />
			<button type="submit">Test Mail</button>
		</div>
	</form>
</div>

Open in new window

0
SWB-ConsultingAuthor Commented:
by the way, i see this message when i log in:
/usr/sbin/sendmail: Exec format error
0
Julian M.Web DeveloperCommented:
Ok, check again to make sure qmail is running:
ps ax | grep qmail-send

Whether it is or not, try stopping and starting it:
/etc/init.d/qmail stop
/etc/init.d/qmail start

(According to Plesk/SWSoft, this is the way to start/stop qmail via command line. Another way to control it is through the Plesk control panel - you might want to try that first).

If you don't get any results, take a look into this log file:
/usr/local/psa/var/log/maillog

(According to SWSoft, that is where the mail error messages will be logged).
0
SWB-ConsultingAuthor Commented:
this is the maillog content at the end, while i restarted it a couple of times from within plesk and also using the command you showed:

[root@u15246640 /]# tail -f /usr/local/psa/var/log/maillog
Feb 11 14:26:47 u15246640 relaylock: /var/qmail/bin/relaylock: mail from 209.250
Feb 11 14:36:00 u15246640 relaylock: /var/qmail/bin/relaylock: mail from 129.240
Feb 11 14:43:27 u15246640 relaylock: /var/qmail/bin/relaylock: mail from 209.250
Feb 11 14:46:07 u15246640 relaylock: /var/qmail/bin/relaylock: mail from 219.84.
Feb 11 15:09:30 u15246640 relaylock: /var/qmail/bin/relaylock: mail from 65.54.2
Feb 11 15:29:37 u15246640 relaylock: /var/qmail/bin/relaylock: mail from 82.150.
Feb 11 15:33:28 u15246640 relaylock: /var/qmail/bin/relaylock: mail from 209.250
Feb 11 15:49:43 u15246640 qmail: 1202762983.172630 status: exiting
Feb 11 15:50:00 u15246640 qmail: 1202763000.179039 status: local 0/200 remote 0/
Feb 11 15:50:07 u15246640 relaylock: /var/qmail/bin/relaylock: mail from 209.250
Feb 11 15:57:59 u15246640 relaylock: /var/qmail/bin/relaylock: mail from 127.0.0
Feb 11 15:58:05 u15246640 qmail: 1202763485.330916 status: exiting
Feb 11 15:58:05 u15246640 qmail: 1202763485.457063 status: local 0/200 remote 0/
Feb 11 15:58:06 u15246640 relaylock: /var/qmail/bin/relaylock: mail from 127.0.0
Feb 11 15:59:25 u15246640 qmail: 1202763565.275466 status: exiting
Feb 11 15:59:25 u15246640 qmail: 1202763565.403041 status: local 0/200 remote 0/20
Feb 11 15:59:26 u15246640 relaylock: /var/qmail/bin/relaylock: mail from 127.0.0.1:48213 (localhost)


this is the output from the first command you posted:

[root@u15246640 /]# ps ax | grep qmail-send
 5741 ?        S      0:00 qmail-send
 6546 pts/0    S+     0:00 grep qmail-send
0
Julian M.Web DeveloperCommented:
I wonder if your queue might be corrupt... I've read that this can easily happen with qmail. There is a "queue checking utility" on qmail.org... At this point, maybe you should ask a moderator if they could post a pointer in the Qmail zone.

Are you able to send e-mails via SMTP - i.e. not through PHP, but rather through a mail client?
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
SWB-ConsultingAuthor Commented:
how can i post a pointer?
0
Syngin9Commented:
Wow, you 2 have been busy since I got off work yesterday ;o)

John Simpson's qfix (queue fixing) script worked great for me on a standard Qmail install too. (not sure if it would need to be any different on a Plesk install though)

http://qmail.jms1.net/scripts/qfixq.shtml

Also, I came across a post regarding the error '/usr/sbin/sendmail: Exec format error'.  It mentioned that the file it was pointing too might be corrupt. (granted its for Postfix but its using the same standard sendmail link that yours is)

http://archives.neohapsis.com/archives/postfix/2006-06/0062.html

When you do an ls -al in /var/qmail/bin what does it say for the sendmail file?  Mine looks like the following:

-rwxr-xr-x  1 root   qmail   14040 2007-12-19 14:29 sendmail

0
SWB-ConsultingAuthor Commented:
i found the script that allowed the spammers attacks. emails seem to be going out now but get caught in most spam folders. until the blacklistings expire i would like to use an email server managed by the hosting company. how can i change the php/sendmail configuration in order to use another smtp server?
0
Julian M.Web DeveloperCommented:
Have a look at the Pear Mail package:
http://pear.php.net/package/Mail
0
SWB-ConsultingAuthor Commented:
how can i change the sendmail configuration files or the php.ini in order to use another smtp server than is currently used?
0
CWS (haripriya)Commented:
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I will leave the following recommendation for this question in the Cleanup topic area:
   Delete with points refunded

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

cyberwebservice
Experts Exchange Cleanup Volunteer
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
PHP

From novice to tech pro — start learning today.