If you are seeing spamming in a plesk server from the ID anonymous@hostname, then we need to find out the spammer account
For doing the same use the following steps
1) Let’s take a look in the mail queue and read one of those spam email references:
# /var/qmail/bin/qmail-qread
remote ankush_krishna2137@yahoo.com
6 Jan 2012 09:14:53 GMT #34012584 2987
2) Now we have a message ID, let’s search for the actual message:
# find /var/qmail/queue/ -name 34012584
/var/qmail/queue/info/0/34012584
/var/qmail/queue/remote/0/34012584
/var/qmail/queue/mess/0/34012584
3) Great! Now let’s see what’s in the message to get out that all telling UID:
# cat /var/qmail/queue/mess/0/34012584
Received: (qmail 9936 invoked by uid 10820); 6 Jan 2012 09:14:50 +0000
Date: 6 Jan 2012 09:14:50 +0000
Message-ID: <20120106091450.9934.qmail@server.microliteX.com>
To: annette@recdom.wandoo.co.uk
Subject: Urgent Reply
From: Mrs.Farida Waziri
4) Let’s map the UID to a domain name on the Plesk server:
# cat /etc/passwd | grep 10820
admin947932:x:10820:2523::/var/www/vhosts/thisisthespammer.com:/bin/false
5) Spammer caught :D
