– Monitor maillog
tail -f /usr/local/psa/var/log/maillog
– Try to connect to 3rd party mail server (e.g. Yahoo Mail / Gmail) and check the error message
tail -100 /usr/local/psa/var/log/maillog
telnet IP 25
– Check qmail queue
/var/qmail/bin/qmail-qstat
– Check messages log
cat /var/log/messages
– Check apache log to see if there is any hacker’s script
cat /var/www/vhosts/DOMAIN/statistics/logs/access_log
– Check the email content from mailbox
cd /var/qmail/mailnames/DOMAIN/MAILBOX/Maildir/cur
– Clear qmail queue
service qmail stop
find /var/qmail/queue/mess -type f -exec rm {} \;
find /var/qmail/queue/info -type f -exec rm {} \;
find /var/qmail/queue/local -type f -exec rm {} \;
find /var/qmail/queue/intd -type f -exec rm {} \;
find /var/qmail/queue/todo -type f -exec rm {} \;
find /var/qmail/queue/remote -type f -exec rm {} \;
service qmail start