I have done a number of things including setting up extended logging for exim and cannot find the PHP script that is sending spam mail. I can see the activity when using the "top" command, I can view the mail in the queue but the only indication I have of what is sending the mail is that the nobody user is sending it. This could be any of the accounts on the machine. Is there any way to alter the sendmail path in php.ini to pipe the output through something that can identify where these are coming from? I thought the logs would be enough, but I'm not finding enough info.
| Thread starter | Similar threads | Forum | Replies | Date |
|---|---|---|---|---|
| G | Spammer has relayed through my server using a forwarder (no real account) as authentication | 1 | ||
| M | Spammer using server to send out spam email | 3 | ||
|
Spammers send emails from our Server with nonexistent email accounts | 1 | ||
| S | I think I have a spammer on my webserver | 2 | ||
| B | Spammer at my server | 1 |