The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How to findout where spam is coming from with EXIM?

Discussion in 'E-mail Discussions' started by JakWillis, Oct 1, 2014.

  1. JakWillis

    JakWillis Registered

    Joined:
    Oct 1, 2014
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    DataCenter Provider
    I've tracked down the user which was sending out spam but I am wondering how can I determine where the script is that is doing it?

    I ran a scan looking for the mail() function but found nothing. maldet also found nothing.

    Can I add something to PHP and/or EXIM to better track down where the script location is?
     
  2. JakWillis

    JakWillis Registered

    Joined:
    Oct 1, 2014
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    DataCenter Provider
    Do I need to recompile apache or php or anything? I am running php 5 with suphp
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  4. John

    John Active Member

    Joined:
    Jan 1, 2014
    Messages:
    25
    Likes Received:
    2
    Trophy Points:
    3
    cPanel Access Level:
    Root Administrator
    Try using below method,

    Edit /usr/local/lib/php.ini and add below lines

    mail.add_x_header = On
    mail.log = /var/log/phpmail.log

    And create a file called /var/log/phpmail.log , give full permission or exim user permission then restart Apache
    touch /var/log/phpmail.log
    chmod 777 /var/log/phpmail.log
    service httpd restart

    You can find the exact php script from "/var/log/phpmail.log", creating spam mails (it will also log all mails send using php mail function)

    ref: /http://blog.rimuhosting.com/2012/09/20/finding-spam-sending-scripts-on-your-server/
     
Loading...

Share This Page