If you think an e-mail account has been hacked in Plesk, use this to hunt down which one it could be:
cat /var/log/messages | grep -i smtp_auth | grep "logged in" | awk {' print $11 '} | awk -F / {' print $6"@"$5 '} | sort | uniq -c | sort -n | tail
major.io
Words of wisdom from a Linux engineer focused on information security
Hello, worked for me. I got an ID as result. How can I find out the ID and allocate it to a user or mail account?
Thank you!