How to find which domain spamming via PHP script?

PLESK

1) Create a /var/qmail/bin/sendmail-wrapper script with the following content:

#!/bin/sh (echo X-Additional-Header: $PWD ;cat) | tee -a /var/tmp/mail.send|/var/qmail/bin/sendmail-qmail "$@"

Note, it should be two lines including ‘#!/bin/sh’.

2) Create a log file /var/tmp/mail.send and grant it “a+rw” rights; make the wrapper executable; rename old sendmail; and link it to the new wrapper:

~# touch /var/tmp/mail.send ~# chmod a+rw /var/tmp/mail.send ~# chmod a+x /var/qmail/bin/sendmail-wrapper ~# mv /var/qmail/bin/sendmail /var/qmail/bin/sendmail-qmail ~# ln -s /var/qmail/bin/sendmail-wrapper /var/qmail/bin/sendmail

3) Wait for an hour and change back sendmail:

~# rm -f /var/qmail/bin/sendmail ~# mv /var/qmail/bin/sendmail-qmail /var/qmail/bin/sendmail

Examine the /var/tmp/mail.send file. There should be lines starting with “X-Additional-Header:” pointing to domain folders where the scripts which sent the mail are located.
You can see all the folders from where mail PHP scripts were run with the following command:

~# grep X-Additional /var/tmp/mail.send | grep `cat /etc/psa/psa.conf | grep HTTPD_VHOSTS_D | sed -e 's/HTTPD_VHOSTS_D//' `

Reference: http://kb.parallels.com/en/1711

Webserver Page

How to find which domain spamming via PHP script?

Leave a Reply