Stop outgoing spam with Plesk utility

Log example for Qmail:

Jan 23 18:59:00 linuxpc qmail-ctasd[30381]: OUT|IN IP:, From: root@domain.tld, sClass: Unknown, vClass: Unknown, RefID: str=0001.0AGB020A.4F1D91E2.00C7,ss=1,re=0.000,fgs=0, SenderID: test@testdomain.tld, Flags: 0, TMsg: 1, TSpam: 0, TSus: 0, TVirus: 0

Log example for Postfix:

 Feb 12 20:04:03 commtouch ct-milter[6578]: [ASVOD] OUT|IN IP:, Sender(Auth): <void-bounce-toppatty=root@domain.tld>((null)), Spam: Unknown, VOD: Unknown, RefID: str=0001.0A020301.4F37AAB3.0044:SCFSTAT1403659,ss=1,re=-4.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0, Action: tag, Reason: global-policy, QueueId: unknown, SenderID: test@testdomain.tld, Flags: 0, TMsg: 1, TSpam: 0, TSus: 0, TVirus: 0

Command to find all such records in maillog:

egrep "ctasd|ASVOD" /usr/local/psa/var/log/maillog | grep SenderID

Commands to count the number of emails detected as spam / suspected spam / not spam:

Spam:

egrep "ctasd|ASVOD" /usr/local/psa/var/log/maillog | grep SenderID | egrep "Spam: Confirmed|Spam: Bulk|sClass: Confirmed|sClass: Bulk" | wc -l

Suspected spam:

egrep "ctasd|ASVOD" /usr/local/psa/var/log/maillog | grep SenderID | egrep "Spam: Suspect|sClass: Suspect" | wc -l

Not spam:

egrep "ctasd|ASVOD" /usr/local/psa/var/log/maillog | grep SenderID | egrep "Spam: NonSpam|Spam: Unknown|sClass: NonSpam|sClass: Unknown" | wc -l

Notice that these commands do not filter by date, meaning that all records from maillog will be counted. To add a filter by date, use egrep as in:

egrep "ctasd|ASVOD" /usr/local/psa/var/log/maillog | grep SenderID | egrep "Spam: NonSpam|Spam: Unknown|sClass: NonSpam|sClass: Unknown" | egrep "Mar 1|Feb 28" | wc -l
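
The counting commands above, done in one awk pass and broken down per SenderID so the account sending the spam stands out. This is an added example, not part of the original article or of Plesk's tooling: the function names and sample log lines are constructed, and the date filter assumes the traditional syslog timestamp, which pads single-digit days with a space ("Mar  1").

```shell
#!/bin/sh
# Added example. Usage: oa_sender_stats [DATE_ERE] < /usr/local/psa/var/log/maillog
# Prints "spam suspect clean SenderID", worst sender first.
oa_sender_stats() {
    awk -v dates="${1:-}" '
    /ctasd|ASVOD/ && /SenderID: / {
        # Optional date filter on the first 6 characters ("Mon dd").
        # Anchored, so "Mar  1" does not also pick up Mar 10-19.
        if (dates != "" && substr($0, 1, 6) !~ ("^(" dates ")$")) next
        # Verdict field: "Spam: X" (Postfix) or "sClass: X" (Qmail).
        # The leading ", " keeps the "TSpam: N" counter from matching.
        if (!match($0, /, (Spam|sClass): [A-Za-z]+/)) next
        cls = substr($0, RSTART, RLENGTH); sub(/.*: /, "", cls)
        match($0, /SenderID: [^, ]+/)
        id = substr($0, RSTART + 10, RLENGTH - 10)
        seen[id] = 1
        if (cls == "Confirmed" || cls == "Bulk")       spam[id]++
        else if (cls == "Suspect")                     susp[id]++
        else if (cls == "NonSpam" || cls == "Unknown") clean[id]++
    }
    END {
        for (id in seen)
            printf "%d %d %d %s\n", spam[id], susp[id], clean[id], id
    }' | sort -k1,1nr -k2,2nr -k4,4
}

# Constructed sample lines (shortened; same field layout as the log examples).
sample_maillog() {
    cat <<'EOF'
Mar  1 10:00:01 host qmail-ctasd[101]: OUT|IN IP:, From: a@example.test, sClass: Confirmed, vClass: Unknown, SenderID: shop@example.test, Flags: 0, TMsg: 1, TSpam: 1, TSus: 0, TVirus: 0
Mar  1 10:00:05 host ct-milter[102]: [ASVOD] OUT|IN IP:, Sender(Auth): <a@example.test>((null)), Spam: Bulk, VOD: Unknown, SenderID: shop@example.test, Flags: 0, TMsg: 1, TSpam: 1, TSus: 0, TVirus: 0
Mar  1 10:01:00 host ct-milter[102]: [ASVOD] OUT|IN IP:, Sender(Auth): <b@example.test>((null)), Spam: Suspect, VOD: Unknown, SenderID: info@example.test, Flags: 0, TMsg: 1, TSpam: 0, TSus: 1, TVirus: 0
Mar 10 09:00:00 host qmail-ctasd[103]: OUT|IN IP:, From: c@example.test, sClass: NonSpam, vClass: Unknown, SenderID: info@example.test, Flags: 0, TMsg: 1, TSpam: 0, TSus: 0, TVirus: 0
Feb 28 23:59:00 host qmail-ctasd[104]: OUT|IN IP:, From: d@example.test, sClass: Unknown, vClass: Unknown, SenderID: news@example.test, Flags: 0, TMsg: 1, TSpam: 0, TSus: 0, TVirus: 0
EOF
}

# Demo run on the constructed sample, limited to two days.
sample_maillog | oa_sender_stats 'Mar  1|Feb 28'
```

A sender whose first column keeps growing between runs is the one to check for a compromised mailbox or script.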

If maillog does not contain messages from OA, try adding the following lines into /etc/hosts, then disabling and re-enabling OA from the Plesk interface and sending several messages from one of the mail accounts hosted on the server:

OA statistics

Parallels Premium Outgoing Antispam provides spam activity statistics. You can find this function on the “Dashboard” tab.

Statistics are calculated every hour by the “crontab” task:

# cat /etc/cron.hourly/ctoblogs
/opt/ctch/ctoblogs.php >> /dev/null 2>&1

All logs are located in the /var/log/ctchob directory.

“lastepoch” – time of the last calculation in Unix format (date +%s)

“lastday.stats” – stats for last 24 hours

“lastweek.stats” – stats for last week

“2012” – folder for calculated statistics:

Naming convention:

    ^       ^      ^      ^         ^
    |       |      |      |         ----- extension for partial hour (hour didn't lap)
    |       |      |      --------------- Date with hour resolution, statistics represent
    |       |      |                      the HH hour (HH:00 until HH:59).
    |       |      |                      Daily statistics are generated for the last full
    |       |      |                      hour process to reflect last 24 hours.
    |       |      ---------------------- h = Hourly statistics; d = Daily statistics.
    |       ----------------------------- Year subfolder
    ------------------------------------- Commtouch's statistics collection subfolder


How to enable debug logging for statistics

  1. Modify the /opt/ctch/ctoblogs.php file, setting the debug level to “10” on this line:
  2. Modify /etc/cron.hourly/ctoblogs to make it look like this:
    /opt/ctch/ctoblogs.php >> /var/log/ctchob/debug.log  2>&1

    NOTE: for 11.5 version it should be:

    /opt/ctch/ctoblogs-ll-ver.php >> /var/log/ctchob/debug.log  2>&1

How to recalculate stats

  1. Make sure that maillog contains records for the required period.
  2. Remove the file which the lastday.stats link refers to.
  3. Modify lastepoch, setting the beginning time for statistics calculation. For example, if you want to recalculate stats for the last 24 hours, you can do it in the following way:
    # date +%s  -d '-1 day' > lastepoch
  4. Run this script: /opt/ctch/ctoblogs.php
