You discover a spammer on your server, running a php script to send out thousands of emails through the server (via php user nobody), effectively bypassing the smtp server.
And as most know, sending via this method makes it very annoying in tracing the user.
Ok so to prevent this kind of thing happening you stop your server routing any emails through the user nobody, forcing users to use smtp.
Now this has proven to be very annoying as billing software you use requires the use of the php function of sending mail via user nobody. There is NO way to configure the software to use SMTP (I'm talking about Modernbill).
So an option would be to use phpsuexec (suexec already enabled), so you are able to trace who the users are who are sending emails.
Or you just make alterations to sendmail so that it logs where the script is being executed from (still allowing php function nobody to be used, but if spam is being sent out then it can be found as to who is doing it in this logfile).
What option would you choose?
Alternatively is there a known way to restrict the number of emails being sent by the user nobody? Or maybe only allow a certain user to use the user nobody? (nobody nobody nobody)