see which php scripts are sending mail?

alexmack

Member
Jul 23, 2010
22
0
51
is there any way to do this?

also, is there an easy way to get a summary of most recent exim messages sent including the subject?
 

kuldeep_

Well-Known Member
Apr 24, 2010
54
0
56
To trace php script sending email, first you will need root SSH access to server and enable log selector for exim which will help you to generate extra/well defined logs for exim.

To do this Access WHM as root. Access Service Configuration >> Exim Configuration Editor. Click on Advance Editor.

Under exim.conf section you will see #!!# cPanel Exim 4 Config
and you can add following code in the text box.

log_selector = +address_rewrite +all_parents +arguments +connection_reject +delay_delivery +delivery_size +dnslist_defer +incoming_interface +incoming_port +lost_incoming_connection +queue_run +received_sender +received_recipients +retry_defer +sender_on_delivery +size_reject +skip_delivery +smtp_confirmation +smtp_connection +smtp_protocol_error +smtp_syntax_error +subject +tls_cipher +tls_peerdn
Now checking exim logs:

tail -f /var/log/exim_mainlog | grep cwd
Above command will grep for current working directory for exim and show the directory path from which email are being sent.

Mostly if email are sent from script then in exim logs you will see email sent form [email protected]

If you see there are multiple email in email queue with name [email protected] then you can check headers for the message.

To check email header use command

exim -Mvh Message-id
In the header section locate for X-PHP-Script: and that will show you the exact script i.e sending email
 

alexmack

Member
Jul 23, 2010
22
0
51
I seem to be getting

" exim -Mvh 1OoLkg-0007fj-Hj
Failed to open input file for 1OoLkg-0007fj-Hj-H: No such file or directory
"

for everyone one i attempt
 

kuldeep_

Well-Known Member
Apr 24, 2010
54
0
56
I seem to be getting

" exim -Mvh 1OoLkg-0007fj-Hj
Failed to open input file for 1OoLkg-0007fj-Hj-H: No such file or directory
"

for everyone one i attempt
It seems that message ID 1OoLkg-0007fj-Hj was already delivered to recipient and so you are not able to read it.

But still you can view email subject, check your exim logs carefully
grep 1OoLkg-0007fj-Hj /var/log/exim_mainlog
and you will see T=" " this section contains email subject included into double quote.

Also check email queue, if there are any other email present then you can use command exim -Mvh Message-ID
 

kuldeep_

Well-Known Member
Apr 24, 2010
54
0
56
is there any way to add the php script logging to the exim_main log?
You can try one thing.
If you have CSF firewall installed then you can edit /etc/csf/csf.conf file and enable a feature LF_SCRIPT_ALERT = "1" and set the email script limit to LF_SCRIPT_LIMIT = "300"

i.e If more then 300 email are found to be sent from a script then you will receive an alert.