see which php scripts are sending mail?

[alexmack]

is there any way to do this?

also, is there an easy way to get a summary of most recent exim messages sent including the subject?

 

[kuldeep_]

To trace php script sending email, first you will need root SSH access to server and enable log selector for exim which will help you to generate extra/well defined logs for exim.

To do this Access WHM as root. Access Service Configuration >> Exim Configuration Editor. Click on Advance Editor.

Under exim.conf section you will see #!!# cPanel Exim 4 Config
and you can add following code in the text box.

log_selector = +address_rewrite +all_parents +arguments +connection_reject +delay_delivery +delivery_size +dnslist_defer +incoming_interface +incoming_port +lost_incoming_connection +queue_run +received_sender +received_recipients +retry_defer +sender_on_delivery +size_reject +skip_delivery +smtp_confirmation +smtp_connection +smtp_protocol_error +smtp_syntax_error +subject +tls_cipher +tls_peerdn

Now checking exim logs:

tail -f /var/log/exim_mainlog | grep cwd

Above command will grep for current working directory for exim and show the directory path from which email are being sent.

Mostly if email are sent from script then in exim logs you will see email sent form [email protected]

If you see there are multiple email in email queue with name [email protected] then you can check headers for the message.

To check email header use command

exim -Mvh Message-id

In the header section locate for X-PHP-Script: and that will show you the exact script i.e sending email

 

[alexmack]

I seem to be getting

" exim -Mvh 1OoLkg-0007fj-Hj
Failed to open input file for 1OoLkg-0007fj-Hj-H: No such file or directory
"

for everyone one i attempt

 

[kuldeep_]

I seem to be getting

" exim -Mvh 1OoLkg-0007fj-Hj
Failed to open input file for 1OoLkg-0007fj-Hj-H: No such file or directory
"

for everyone one i attempt

It seems that message ID 1OoLkg-0007fj-Hj was already delivered to recipient and so you are not able to read it.

But still you can view email subject, check your exim logs carefully

grep 1OoLkg-0007fj-Hj /var/log/exim_mainlog

and you will see T=" " this section contains email subject included into double quote.

Also check email queue, if there are any other email present then you can use command exim -Mvh Message-ID

 

[alexmack]

is there any way to add the php script logging to the exim_main log?

 

[kuldeep_]

is there any way to add the php script logging to the exim_main log?

You can try one thing.
If you have CSF firewall installed then you can edit /etc/csf/csf.conf file and enable a feature LF_SCRIPT_ALERT = "1" and set the email script limit to LF_SCRIPT_LIMIT = "300"

i.e If more then 300 email are found to be sent from a script then you will receive an alert.