How to findout where spam is coming from with EXIM?

JakWillis

• October 01, 2014 10:57

I've tracked down the user which was sending out spam but I am wondering how can I determine where the script is that is doing it? I ran a scan looking for the mail() function but found nothing. maldet also found nothing. Can I add something to PHP and/or EXIM to better track down where the script location is?

• 

  cPanelMichael

  • October 01, 2014 16:12

  Hello :) You may find this thread helpful: Mail Sent From Script Thank you.

  0
• 

  JakWillis

  • October 01, 2014 17:23

  Do I need to recompile apache or php or anything? I am running php 5 with suphp

  0
• 

  cPanelMichael

  • October 01, 2014 17:24

  No, unless you are enabling an additional PHP module or changing Apache/PHP modules or versions. Thank you.

  0
• 

  John

  • October 05, 2014 13:57

  Try using below method, Edit /usr/local/lib/php.ini and add below lines mail.add_x_header = On mail.log = /var/log/phpmail.log And create a file called /var/log/phpmail.log, give full permission or exim user permission then restart Apache touch /var/log/phpmail.log chmod 777 /var/log/phpmail.log service httpd restart You can find the exact php script from "/var/log/phpmail.log", creating spam mails (it will also log all mails send using php mail function) ref: /http://blog.rimuhosting.com/2012/09/20/finding-spam-sending-scripts-on-your-server/

  0

Please sign in to leave a comment.