Results 1 to 6 of 6
  1. #1
    Join Date
    Mar 2009
    Posts
    3,700

    how can i track if which script sent mail(spam) ?

    Hi,

    i check "Mail Queue Manager" in whm (centos),

    i find many mails and almost receiver mailbox is not general user,

    i think those may some forms had been used to sned mail(spam),

    i want to ask if any way i can track which script/form on the server sent out mails ?


    thanx

  2. #2
    Join Date
    May 2009
    Location
    /dev/null
    Posts
    171
    Only method i am aware of is http://www.conman.org/software/tidbits/wrapper.c

    It will produce format similar to:

    Dec 21 06:09:48 hostname smw: H: W: /directory/of/script/that/called/mail/function To: recipient Cc: (null) Bcc: (null)

    You need to add this to syslog-ng.conf and restart the daemon.

    #
    # Locals in one file:
    #

    destination df_localrest { file("/var/log/phpmail.log"); };

    filter f_localinfo { facility(local0,local2,local3,local4,local5,local6,local7) and level(info); };
    filter f_local0debug { facility(local0) and level(debug); };
    filter f_local1debug { facility(local1) and level(debug); };
    filter f_local2debug { facility(local2) and level(debug); };
    filter f_local3debug { facility(local3) and level(debug); };
    filter f_local4debug { facility(local4) and level(debug); };
    filter f_local5debug { facility(local5) and level(debug); };
    filter f_local6debug { facility(local6) and level(debug); };
    filter f_local7debug { facility(local7) and level(debug); };

    log { source(s_all); filter(f_localinfo); destination(df_localrest); };
    log { source(s_all); filter(f_local0debug); destination(df_localrest); };
    log { source(s_all); filter(f_local1debug); destination(df_localrest); };
    log { source(s_all); filter(f_local2debug); destination(df_localrest); };
    log { source(s_all); filter(f_local3debug); destination(df_localrest); };
    log { source(s_all); filter(f_local4debug); destination(df_localrest); };
    log { source(s_all); filter(f_local5debug); destination(df_localrest); };
    log { source(s_all); filter(f_local6debug); destination(df_localrest); };
    log { source(s_all); filter(f_local7debug); destination(df_localrest); };
    No script name but the directory. Imagine you having hundreds of webhosts, definitely this will be a big help.

    I supposed to do this myself a long time ago and when i saw your post, i started to investigate for it.
    Last edited by GameFrame; 12-21-2009 at 12:18 AM.
    NiX API - A powerful Anti-Proxy/Anti-Fraud and IP Reputation Lookup API
    nixapi.com

  3. #3
    Join Date
    Mar 2009
    Posts
    3,700
    Hi,do you also use cpanel ?thanx

  4. #4
    Join Date
    Apr 2005
    Location
    Cochin
    Posts
    2,452
    There are different methods of security, which can be used to track the mailer.

    1. enable suphp
    2. enable exim extended logging
    http://www.whmhelp.com/2009/10/exim-...-spammers.html


  5. #5
    Join Date
    Jul 2008
    Location
    Eta Carinae
    Posts
    2,672
    the mailheader option helps when compiling apache. And I think the other option is x-mailer? IT tells you what script was used.

    If you also use CSF, it will email you what script generated mass emails if it goes past your stated limit. Pretty useful.

    Otherwise as said above, suphp will help as well.

  6. #6
    Join Date
    May 2009
    Location
    /dev/null
    Posts
    171
    Quote Originally Posted by ttgt View Post
    Hi,do you also use cpanel ?thanx
    No, i configure everything manually. Best way to learn things.. i know itīs a good panel but for ten years i have never used menus, better when you can do all needed configs manually.
    NiX API - A powerful Anti-Proxy/Anti-Fraud and IP Reputation Lookup API
    nixapi.com

Similar Threads

  1. How do I track down spam coming FROM my server?
    By ZonePlate in forum Hosting Security and Technology
    Replies: 4
    Last Post: 05-29-2007, 11:23 AM
  2. Investigating SPAM mail - hidden insecure PHP script
    By anjanesh in forum Hosting Security and Technology
    Replies: 1
    Last Post: 08-13-2005, 04:29 AM
  3. Save newsltter script - that mail servers dont think are spam?
    By templatemake in forum Programming Discussion
    Replies: 12
    Last Post: 08-26-2004, 06:34 PM
  4. Is there a place we keep track of the hosts that spam?
    By mppedersen in forum Web Hosting
    Replies: 15
    Last Post: 12-30-2003, 02:12 PM
  5. How to track down spammer using php spam script?
    By Skeptical in forum Hosting Security and Technology
    Replies: 4
    Last Post: 10-12-2003, 11:36 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •