Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

how to find nobody scripts sending mail

Discussion in 'E-mail Discussion' started by salvatore333, Feb 22, 2006.

  1. driverC

    driverC Well-Known Member

    Joined:
    Jul 23, 2004
    Messages:
    112
    Likes Received:
    0
    Trophy Points:
    166
    I remember there was a script that added an "X-PHP" line to the email header. Then you can look at the emails in the mail queue and the X-PHP header tells you the exact path to the PHP script... I mean not only the directory but also the file name of the PHP script. Unfortunately I don`t remember the URL but maybe you find it on Google.

    EDIT: The URL is:
    http://choon.net/php-mail-header.php
     
    #21 driverC, Aug 19, 2006
    Last edited: Aug 19, 2006
  2. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    168
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    I may have missed above where someone else said this, but it looks like the script is deleting itself as soon as it starts running. Under all current versions of Unix (Linux included) if a file is still open, it stays allocated so the file could delete itself when it starts running and thus gain invisibility without affecting itself.

    Chirpy's suggestion of lsof should give you at least some idea of what account the script is running as (if you use phpsuexec/suexec), otherwise I'm not completely sure how you'd track it down.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. jrehmer

    jrehmer Well-Known Member

    Joined:
    Apr 10, 2003
    Messages:
    287
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    Denver, CO
    I have things like the following, and I am not finding any scripts that are "self deleting" in /tmp. Infact I've put several monitors to notify me of any changes to that file system, and none are occuring (at least not any new files, nothing but writing to session files)


    2006-08-22 17:00:06 1GFeI2-0004mB-DB <= qvfxnvmg___xdcnifvdulfgmjwt.rfh@message.myspace.com H=(vmta02.myspace.com) [204.16.32.69]:53003 I=[69.57.135.178]:25 P=esmtp S=1841 T="New message from Jen on MySpace sent on 8/22/2006 3:00 PM" from <qvfxnvmg___xdcnifvdulfgmjwt.rfh@message.myspace.com> for jroberts@blueworldhosting.com
    2006-08-22 17:00:06 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1GFeI2-0004mB-DB
    2006-08-22 17:00:06 SMTP connection from (vmta02.myspace.com) [204.16.32.69]:53003 I=[69.57.135.178]:25 closed by QUIT
    2006-08-22 17:00:06 cwd=/tmp 2 args: /usr/sbin/sendmail -bS
    2006-08-22 17:00:06 SMTP connection from blueworl
    2006-08-22 17:00:07 1GFeI2-0004pY-ME <= qvfxnvmg___xdcnifvdulfgmjwt.rfh@message.myspace.com U=blueworl P=local-bsmtp S=2319 T="New message from Jen on MySpace sent on 8/22/2006 3:00 PM" from <qvfxnvmg___xdcnifvdulfgmjwt.rfh@message.myspace.com> for jroberts@blueworldhosting.com
    2006-08-22 17:00:07 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1GFeI2-0004pY-ME


    What's hard for me to understand is how am I supposed to know which message to look at that's being sent with the /tmp as the cwd?
     
  4. mambovince

    mambovince Well-Known Member

    Joined:
    Jan 15, 2005
    Messages:
    193
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    London, UK
    Did anyone try this, and is it similar/same to this WHM tweak settings option?

    chirpy, you did one of my cPanel server setups, do you include your "essentials" Exim config, or I need to add?

    Thanks all.

    - Vince
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. walidaly

    walidaly Member

    Joined:
    May 1, 2006
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    151
    I found exim_mainlog is over 2GB!
    is there a way to solve that?
     
  6. Radio_Head

    Radio_Head Well-Known Member Verifed Vendor

    Joined:
    Feb 15, 2002
    Messages:
    2,051
    Likes Received:
    1
    Trophy Points:
    343
    Interesting ... Could be fine to find this patch inside easyapache !
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice