Problem with spam

[Knarsa]

Is there a script that logs the path of the scritps used to send mail from?
I looking for who and where the spam is sent from on my server.

thank you
Regards
Knut

 

[ju5t]

Yes, there is. It might already be there though, have a look in the headers of an e-mail sent by PHP and search for X-PHP-SCRIPT.
If you use customapache, open build and look for APPLY_MAIL_HEADER_PATCH. Make sure it's set to 1 as follows:

APPLY_MAIL_HEADER_PATCH=1

If you use custombuild, open options.conf and look for mail-header-patch. Make sure it's set to yes as follows:

mail-header-patch=yes

Rebuild PHP afterwards and restart Apache.

./build clean
./build php n
/sbin/service httpd restart

E-mails sent by PHP now have the following header:

X-PHP-Script: domain.com/folder/script.php for 123.123.123.123

 

[Knarsa]

Thank you!

 

[frednoob]

how about the server that install manually without use custombuild or customapache ?? how to trace the spammer ?? also, how to secure smtp port or other sendmail, because i got report from many provider that my server have been use to spam, when i check nothing suspicious ....