Find SPAM senders using MailEnable with Plesk Windows
Navigating the MailEnable logs on a Windows server can be a bit of a challenge. When a server is sending SPAM, the source is most likely a compromised email account or a malicious script. You can use a PowerShell script to check the MailEnable SMTP log for email accounts with high relay usage.
Create a readable log
- Enable administrator access on your Gen 3 or Gen 4 server if you haven't already done so.
- Connect to your Windows server using Remote Desktop (RDC).
- Using Windows Explorer, navigate to the C:\ drive, and create a directory called temp.
- Click on the Windows icon and run the built-in Notepad application.
- Paste the following code into the blank Notepad document that opens.
Spam Check Script - Windows 2016 and newer
```powershell
#Specify the path of the SMTP logs
$Path = "C:\Program Files (x86)\Mail Enable\Logging\SMTP"

#Specify the files you wish to scan
$FileType = "SMTP-Activity-*.log"

#Specify where you want the output to be logged
$OutputFile = "C:\temp\spamcheck.log"

#Get all lines from the log file(s) which contain "SMTP-OU" and "FROM:<"
$i = Get-ChildItem $Path -Filter $FileType| Get-Content | Where-Object { $_ -Match "SMTP-OU"} | Select-String -Pattern 'FROM:<' -CaseSensitive

#Extract the email addresses from the prior results, get a count for each unique address, and print those results to a file
[Regex]::Matches($i, '(?<=FROM\:\<).+?(?=\>)') | %{$_.value} | Group-Object -NoElement | Sort-Object -Descending Count| FT -Auto | Out-File -FilePath $OutputFile
```
Note: The path to the SMTP logs may be different depending on the version of Plesk installed. You may need to change the first lines of the script and substitute the correct path to the SMTP Logs.
Spam Check Script - Change needed for Windows 2012 Servers
```powershell
#Specify the path of the SMTP logs
$Path = "C:\Program Files (x86)\Parallels\Plesk\Mail Servers\Mail Enable\Logging\SMTP"
```
- Under the File menu, select Save As...
- Navigate to the C:\temp directory in the dialog box.
- Name the file spamcheck.ps1
- Save as type All Files.
- The file should now appear in the C:\temp directory in Windows Explorer. Right-click on the file and select Run with PowerShell.
Review the log
Once the script runs, a text file called spamcheck.log should appear in the same directory as the spamcheck.ps1 PowerShell script. If the script works as expected, the text file should contain a list of the email accounts that sent mail from the server, as well as the number of messages sent by each.
```
Count Name
----- ----
 6755 iamspammingyou@coolexample.com
   12 webmaster@coolexample.com
    1 admin@coolexample.com
    1 postmaster@plesk.localhost
```
If there is an extremely large amount of log data for the script to analyze, it may take hours (or possibly days) to run. You can change the wildcard entry to a specific log file name to review only that file.
Wildcard entry (scans every log file):
```powershell
#Specify the files you wish to scan
$FileType = "SMTP-Activity-*.log"
```
Specific log file:
```powershell
#Specify the files you wish to scan
$FileType = "SMTP-Activity-210310.log"
```
If the script does not work as expected, a specific error will be generated to provide more information. Common issues include using the wrong path or filename.
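For large log sets, the same count can be produced without first loading every matching line into memory. The following is an added example, not part of the original script: the function name Get-SmtpSenderCount, the -Threshold parameter and the sample log lines are assumptions made for illustration, and the sample lines use a simplified layout containing only the "SMTP-OU" and "FROM:<" tokens the script above looks for.

```powershell
# Added example: counts outbound senders in batches of lines, so memory
# use stays flat however large the logs are.
function Get-SmtpSenderCount {
    param(
        [Parameter(Mandatory = $true)] [string] $Path,   # folder holding the SMTP logs
        [string] $FileType  = 'SMTP-Activity-*.log',     # same wildcard as the script above
        [int]    $Threshold = 100                        # hypothetical cut-off for flagging
    )
    $counts = @{}   # hashtable keys are case-insensitive, like Group-Object
    Get-ChildItem -Path $Path -Filter $FileType |
        Get-Content -ReadCount 2000 |
        ForEach-Object {
            foreach ($line in $_) {
                # Outbound lines only; the empty sender FROM:<> is skipped
                if ($line -match 'SMTP-OU' -and $line -cmatch 'FROM:<([^>]+)>') {
                    $counts[$Matches[1]] += 1
                }
            }
        }
    $counts.GetEnumerator() |
        Sort-Object -Property Value -Descending |
        ForEach-Object {
            [pscustomobject]@{
                Count   = $_.Value
                Name    = $_.Key
                Flagged = ($_.Value -ge $Threshold)
            }
        }
}

# Demo on constructed lines (simplified layout, not real MailEnable output)
$demoDir = Join-Path ([System.IO.Path]::GetTempPath()) 'spamcheck-demo'
New-Item -ItemType Directory -Path $demoDir -Force | Out-Null
$sample = @(
    "03/10/21 10:00:01`tSMTP-OU`tMAIL FROM:<iamspammingyou@coolexample.com>"
    "03/10/21 10:00:02`tSMTP-OU`tMAIL FROM:<iamspammingyou@coolexample.com>"
    "03/10/21 10:00:03`tSMTP-OU`tMAIL FROM:<IAmSpammingYou@coolexample.com>"
    "03/10/21 10:00:04`tSMTP-OU`tMAIL FROM:<webmaster@coolexample.com>"
    "03/10/21 10:00:05`tSMTP-IN`tMAIL FROM:<someone@example.net>"
    "03/10/21 10:00:06`tSMTP-OU`tMAIL FROM:<>"
)
$sample | Set-Content -Path (Join-Path $demoDir 'SMTP-Activity-210310.log')
Get-SmtpSenderCount -Path $demoDir -Threshold 3 | Format-Table -AutoSize
```

To run it against the live logs, pass the SMTP log folder used in the script above as -Path and choose a -Threshold that fits the server's normal sending volume.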
Related steps
- Scripts can also be the cause of SPAM. See how you can enable PHPMail logging in Plesk Windows.
- Take steps to prevent SPAM issues on your server.
- Return to review email spam issues on your server.