Results 1 to 6 of 6
-
12-20-2009, 08:21 PM #1Web Hosting Master
- Join Date
- Mar 2009
- Posts
- 3,700
how can i track if which script sent mail(spam) ?
Hi,
i check "Mail Queue Manager" in whm (centos),
i find many mails and almost receiver mailbox is not general user,
i think those may some forms had been used to sned mail(spam),
i want to ask if any way i can track which script/form on the server sent out mails ?
thanx
-
12-21-2009, 12:14 AM #2WHT Addict
- Join Date
- May 2009
- Location
- /dev/null
- Posts
- 171
Only method i am aware of is http://www.conman.org/software/tidbits/wrapper.c
It will produce format similar to:
Dec 21 06:09:48 hostname smw: H: W: /directory/of/script/that/called/mail/function To: recipient Cc: (null) Bcc: (null)
You need to add this to syslog-ng.conf and restart the daemon.
#
# Locals in one file:
#
destination df_localrest { file("/var/log/phpmail.log"); };
filter f_localinfo { facility(local0,local2,local3,local4,local5,local6,local7) and level(info); };
filter f_local0debug { facility(local0) and level(debug); };
filter f_local1debug { facility(local1) and level(debug); };
filter f_local2debug { facility(local2) and level(debug); };
filter f_local3debug { facility(local3) and level(debug); };
filter f_local4debug { facility(local4) and level(debug); };
filter f_local5debug { facility(local5) and level(debug); };
filter f_local6debug { facility(local6) and level(debug); };
filter f_local7debug { facility(local7) and level(debug); };
log { source(s_all); filter(f_localinfo); destination(df_localrest); };
log { source(s_all); filter(f_local0debug); destination(df_localrest); };
log { source(s_all); filter(f_local1debug); destination(df_localrest); };
log { source(s_all); filter(f_local2debug); destination(df_localrest); };
log { source(s_all); filter(f_local3debug); destination(df_localrest); };
log { source(s_all); filter(f_local4debug); destination(df_localrest); };
log { source(s_all); filter(f_local5debug); destination(df_localrest); };
log { source(s_all); filter(f_local6debug); destination(df_localrest); };
log { source(s_all); filter(f_local7debug); destination(df_localrest); };
I supposed to do this myself a long time ago and when i saw your post, i started to investigate for it.Last edited by GameFrame; 12-21-2009 at 12:18 AM.
█ NiX API - A powerful Anti-Proxy/Anti-Fraud and IP Reputation Lookup API
█ nixapi.com
-
12-21-2009, 12:32 AM #3Web Hosting Master
- Join Date
- Mar 2009
- Posts
- 3,700
Hi,do you also use cpanel ?thanx
-
12-21-2009, 12:46 AM #4Disabled
- Join Date
- Apr 2005
- Location
- Cochin
- Posts
- 2,452
There are different methods of security, which can be used to track the mailer.
1. enable suphp
2. enable exim extended logging
http://www.whmhelp.com/2009/10/exim-...-spammers.html
-
12-21-2009, 02:01 AM #5Web Hosting Master
- Join Date
- Jul 2008
- Location
- Eta Carinae
- Posts
- 2,672
the mailheader option helps when compiling apache. And I think the other option is x-mailer? IT tells you what script was used.
If you also use CSF, it will email you what script generated mass emails if it goes past your stated limit. Pretty useful.
Otherwise as said above, suphp will help as well.
-
12-21-2009, 11:27 AM #6WHT Addict
- Join Date
- May 2009
- Location
- /dev/null
- Posts
- 171
█ NiX API - A powerful Anti-Proxy/Anti-Fraud and IP Reputation Lookup API
█ nixapi.com
Similar Threads
-
How do I track down spam coming FROM my server?
By ZonePlate in forum Hosting Security and TechnologyReplies: 4Last Post: 05-29-2007, 11:23 AM -
Investigating SPAM mail - hidden insecure PHP script
By anjanesh in forum Hosting Security and TechnologyReplies: 1Last Post: 08-13-2005, 04:29 AM -
Save newsltter script - that mail servers dont think are spam?
By templatemake in forum Programming DiscussionReplies: 12Last Post: 08-26-2004, 06:34 PM -
Is there a place we keep track of the hosts that spam?
By mppedersen in forum Web HostingReplies: 15Last Post: 12-30-2003, 02:12 PM -
How to track down spammer using php spam script?
By Skeptical in forum Hosting Security and TechnologyReplies: 4Last Post: 10-12-2003, 11:36 PM