We can use different commands to check the mail activities on a postfix mail server. Some examples provided below:
1. To check the mail queue:
# mailq
To get the number of mails in the queue:
# mailq | wc -l
2. To flush the mail queue:
# postfix -f
# postfix flush OR
3. To remove all mails from the queue:
# postsuper -d ALL
4. To remove all mails in the deferred queue:
# postsuper -d ALL deferred
5. To know the number of messages there in the deferred queue:
# find /var/spool/postfix/deferred -type f | wc -l
6. To get a sorted list of the accounts that have the most mail in the queue. This usually means a maximum of 2 or 3 spammers at the end of the list:
# mailq|grep ^[A-F0-9]|cut -c 42-80|sort |uniq -c|sort -n|tail
7. Check which script is sending spam:
postcat -q <ID>
You can get the message ID from mailq command.
Usually, it will show the script which contains "X-PHP-Originating-Script". Check and identify the line which starts with "X-PHP-Originating-Script" and you can remove the script file as well since it will show the path as well.
1. To check the mail queue:
# mailq
To get the number of mails in the queue:
# mailq | wc -l
2. To flush the mail queue:
# postfix -f
# postfix flush OR
3. To remove all mails from the queue:
# postsuper -d ALL
4. To remove all mails in the deferred queue:
# postsuper -d ALL deferred
5. To know the number of messages there in the deferred queue:
# find /var/spool/postfix/deferred -type f | wc -l
6. To get a sorted list of the accounts that have the most mail in the queue. This usually means a maximum of 2 or 3 spammers at the end of the list:
# mailq|grep ^[A-F0-9]|cut -c 42-80|sort |uniq -c|sort -n|tail
7. Check which script is sending spam:
postcat -q <ID>
You can get the message ID from mailq command.
Usually, it will show the script which contains "X-PHP-Originating-Script". Check and identify the line which starts with "X-PHP-Originating-Script" and you can remove the script file as well since it will show the path as well.