What is the path for email sender file in DirectAdmin?

mbsmt

mbsmt

Verified User
Joined
Jul 24, 2013
Messages
140
Location
Mashhad, Iran
Hi.
It is about a month which I am receiving some repetitive emails from one of my websites. I knew I had some changes on this website some months ago and added a PHP mail function on one of files, but I forgot its path and could not find the email sender file.
Is there any way to know which file is sending emails on DirectAdmin accounts?
 
If you have CSF/LFD running, you could temporarily block non-smtp mail and you will see the php mails getting blocked and from where.

There might be better solutions, but I normally use this.

I presume you did not use this:

Version 1.22.3 | Directadmin Docs

DirectAdmin Knowledge Base
www.directadmin.com
 
Richard G said:
If you have CSF/LFD running, you could temporarily block non-smtp mail and you will see the php mails getting blocked and from where.

There might be better solutions, but I normally use this.

I presume you did not use this:

Version 1.22.3 | Directadmin Docs

DirectAdmin Knowledge Base
www.directadmin.com
Click to expand...
I know which account is sending emails. It is mine.
Just, I need to know which file is sending such emails. As the quantity of files on the server is high, I couldn't find the sender file among them to remove the mail() from it. I need to know the path for the sender file.
 
Please do not quote full posts.

As stated before:
Richard G said:
you will see the php mails getting blocked and from where.
Click to expand...
so this should point to the script file sending it.

However, if you already know the account, you could find it via your php mail log which script (file) is sending the mail.
/home/accountname/.php/php-mail.log
 
Richard G said:
Please do not quote full posts.

As stated before:

so this should point to the script file sending it.

However, if you already know the account, you could find it via your php mail log which script (file) is sending the mail.
/home/accountname/.php/php-mail.log
Click to expand...
There is nothing in this file.
 
Again, please do not quote full posts. Use the reply button or quickreply button. Quoting full posts is not done and is making things unclear.

If there is nothing in this file, I'm starting to doubt if things are send via php mail. But then the only solution is what I said before.
Or maybe somebody else has an idea.

Maybe a hacker installed a mailserver, could be anything.
Try the lsof -i :25 command for example.
 
That looks correct, so no hidden mailserver on port 25.
Then I would use the CSF/LFD solution to block the mail, if all is correct then the script causing the issue should be in the log or in the blocking notification.
Otherwise I don't have a clue.
 
You must log in or register to reply here.
Back
Top