Plesk

How to identify spam source on Plesk for Windows Server

Question

Many email messages are being sent using PHP scripts from a Plesk server. How can the spamming subscriptions be found?

Answer

  1. Connect to the Plesk server via RDP.

  2. Download the Process Monitor utility.

  3. Run Procmon.exe.

  4. Configure a filter to show only TCP packets that are sent on port 25 of the local server: download this Process Monitor configuration file and import it into Process Monitor at File > Import Configuration....

  5. Make sure only network activity is enabled in the settings bar (enabled by default).

  6. Wait for the entries to start being logged, as in the following screenshot:

  7. Identify the spamming subscription by analyzing the output of the User table. In the example above, the 'testtld' user represents the subscription 'test.tld'.
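
When the capture is large, step 7 can be scripted. The following PowerShell is an added example, not part of the original Plesk article: it assumes the capture was saved from Process Monitor as CSV with the User column shown and that network paths have the form `source:port -> destination:port`. The function name Get-SmtpSenderSummary, the host name WIN-PLESK, the 'exampletld' user and all sample rows are constructed for illustration.

```powershell
# Constructed sample standing in for a Process Monitor CSV export (File > Save... > CSV).
# Assumption: the default Procmon columns plus the User column are displayed.
$sampleCsv = @'
"Time of Day","Process Name","PID","Operation","Path","Result","Detail","User"
"10:01:02.10 AM","php-cgi.exe","4120","TCP Connect","WIN-PLESK:49812 -> WIN-PLESK:smtp","SUCCESS","Length: 0","WIN-PLESK\testtld"
"10:01:02.15 AM","php-cgi.exe","4120","TCP Send","WIN-PLESK:49812 -> WIN-PLESK:smtp","SUCCESS","Length: 512","WIN-PLESK\testtld"
"10:01:02.20 AM","php-cgi.exe","4120","TCP Receive","WIN-PLESK:49812 -> WIN-PLESK:smtp","SUCCESS","Length: 64","WIN-PLESK\testtld"
"10:01:03.40 AM","php-cgi.exe","4388","TCP Connect","WIN-PLESK:49813 -> WIN-PLESK:25","SUCCESS","Length: 0","WIN-PLESK\testtld"
"10:01:04.00 AM","php-cgi.exe","5012","TCP Connect","WIN-PLESK:49820 -> 203.0.113.10:https","SUCCESS","Length: 0","WIN-PLESK\exampletld"
"10:01:05.70 AM","php-cgi.exe","5012","TCP Connect","WIN-PLESK:49821 -> WIN-PLESK:smtp","SUCCESS","Length: 0","WIN-PLESK\exampletld"
'@

function Get-SmtpSenderSummary {
    param([Parameter(Mandatory)] [object[]] $Rows)

    # Keep outbound TCP events whose destination port is 25
    # (shown as "smtp" when Procmon resolves port names).
    $smtp = $Rows | Where-Object {
        ($_.Operation -in @('TCP Connect', 'TCP Send')) -and
        ($_.Path -match '->\s*\S+:(25|smtp)\s*$')
    }

    # One summary row per (User, Process Name), busiest sender first.
    $smtp | Group-Object -Property User, 'Process Name' | ForEach-Object {
        [pscustomobject]@{
            User        = $_.Group[0].User
            Process     = $_.Group[0].'Process Name'
            Connections = @($_.Group | Where-Object Operation -eq 'TCP Connect').Count
            Sends       = @($_.Group | Where-Object Operation -eq 'TCP Send').Count
        }
    } | Sort-Object -Property Connections -Descending
}

# For a real capture, pass the output of Import-Csv on the exported file instead.
Get-SmtpSenderSummary -Rows ($sampleCsv | ConvertFrom-Csv) | Format-Table -AutoSize
```

The user at the top of the summary is the system user of the subscription to investigate first.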

Additional Information