But I guess the UID is linked only to the subscription, not to the domains within that subscription.
So then we should do: find /var/www/vhosts/<subscription>/ -name "roguescript.php"

For mail sent via sendmail:

Most of these will be sent via PHP.
When using PHP > 5.3 you should use the mail.add_x_header = On directive.

With this, you can track the uid, the uid can then be linked to domain.

This does ofcourse not work for mails sent via cron, but we rarely see spam sent via that way.
It is 99% of the time via PHP.
This is a great way to identify and limit PHP CMS exploits of doing damage.

We use policyd on our mail relay server, where all Plesk relay to.
It is _awesome_ .

We have limited the amount of mails to about 200 per domain per hour.
And for special customers / with special pacakges, we can set them to the MassMailer list and give them the needed amounts.

This has _greatly_ reduced spamlistings, and we have been better at identifying issues with spammy accounts.

Survey Answered

PER EMAIL ACCOUNT

To all having issues with blacklists.. I noticed there is something called "Policyd" for Postfix. I haven't checked it out yet, but it seems to have a 'mail limit' feature. Perhaps something you might want to check out.

We are having a lot of problems with clients email accounts being compromised and being used to spam - like everyone else we get put on the blacklists, clients get angry and it takes ages to restore the status quo to our server. Then there is Google, Yahoo & Hotmail who have their own rules and it can take weeks or months to get to be able to send email their servers.

A facility to limit how many emails an email account can send out per day would have limited the mess a spammer could have done and allowed us to deal with the compromised email box before too much harm was done.

At the moment their is nothing we can do.

I tried to purchase the new module Parallels premium outbound antispam but it has been withdrawn and is not longer able to be licensed albeit it is able to be installed and is actively being advertised and promoted.

The whole affair is just frustrating and for a legitimate company providing services to our client the fact that Parallels has nothing to assist with the increase acts on email servers is just ridiculous.

Please help your clients and address this issue asap - it is criminal that not more is being done to address the issues email servers are facing in the commerical world from a leading company supplying Control Panel software for peoples servers.

All Plesk Administrators Need a Feature to Control Outgoing Email per domain email user via SMTP Port 25, 587. cpanel has this feature since very long now.
Fail to Understand why Plesk has not added this feature by default.
Due to missing of this feature Plesk Server is OPEN for Hackers to Address simply sending Bulk mail because we have installed Plesk Panel on our Server.

Please PLESK TEAM add this FEATURE ASAP.

Very good idea. I like this option in the basic licences of Plesk.

The sooner the better!

This IS NOT a want feature. It is a MUST HAVE FEATURE!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

I'm waiting this feature to migrate from 10.4 to 11.5 version...

when ?????????

This feature is a MUST in a so expensive User Panel like Plesk! I'm shame to see that Paralells isn't able to to this - TILL TODAY! Be ashamed Parallells!

Yes, it is a MUST

Need this feature before we start switching to cpanel

It'a a MUST!

This is a great idea!

I would highly suggest an option to send mail info about user exhausting the limits.

[x] Send mail about exhausted limit to [ ___________ ]

This way we would immediately know about mass mailing and we could react faster.

Yes but that program is only for linux, we also want it for windows

Hi,

On our Plesk nodes, I've manually added a outbound sending policy to postfix using "Policyd" - check out http://www.policyd.org/ for further information.

In my current config, it limits the amount of SASL authenticated emails to x allowed emails per hour.

Sean