Facebook
TwitterWell I've a lot of spam from my server, under Plesk 11.5, php 5.4
Reading head of mails I've found
qmail 31475 invoked by uid 48
This 48 is the uid of Apache, so I suppose the script is owned by Apache, doesn't it?
Then I added to php.ini 2 lines (new from php 5.3)
mail.add_x_header = On
mail.log = /var/log/php-mail.log
(and then restarted Apache)
I hope that header mails contains information about the script using sendmail and a log file (/var/log/php-mail.log). OK?
Well, there is no info in mail header nor php-mail.log!!!!! Why?
I tested it with a form contact using the php function mail(). The form sent the mail but without info in header and log file was not created.
Where is the error?
Then I used a sendmail wrapper
#!/bin/sh
logger -p mail.info sendmail: site=${HTTP_HOST}, client=${REMOTE_ADDR}, script=${SCRIPT_NAME}, filename=${SCRIPT_FILENAME}, docroot=${DOCUMENT_ROOT}, pwd=${PWD}, uid=${UID}, user=$(whoami)
echo "Hello" | /var/qmail/bin/sendmail.cerrado -f [email protected] [email protected]
(last line is for avoid the spam sent)
In the maillog I see
logger: sendmail: site=, client=, script=, filename=, docroot=, pwd=/var/www, uid=48, user=apache
user apache send the email but, how does it?
Where is the script name? or the filename?
Thanks
To locate the origin I renamed sendmail to sendmail-close and the spam dissapears: so I am sure this is from a script in the server
Reading head of mails I've found
qmail 31475 invoked by uid 48
This 48 is the uid of Apache, so I suppose the script is owned by Apache, doesn't it?
Then I added to php.ini 2 lines (new from php 5.3)
mail.add_x_header = On
mail.log = /var/log/php-mail.log
(and then restarted Apache)
I hope that header mails contains information about the script using sendmail and a log file (/var/log/php-mail.log). OK?
Well, there is no info in mail header nor php-mail.log!!!!! Why?
I tested it with a form contact using the php function mail(). The form sent the mail but without info in header and log file was not created.
Where is the error?
Then I used a sendmail wrapper
#!/bin/sh
logger -p mail.info sendmail: site=${HTTP_HOST}, client=${REMOTE_ADDR}, script=${SCRIPT_NAME}, filename=${SCRIPT_FILENAME}, docroot=${DOCUMENT_ROOT}, pwd=${PWD}, uid=${UID}, user=$(whoami)
echo "Hello" | /var/qmail/bin/sendmail.cerrado -f [email protected] [email protected]
(last line is for avoid the spam sent)
In the maillog I see
logger: sendmail: site=, client=, script=, filename=, docroot=, pwd=/var/www, uid=48, user=apache
user apache send the email but, how does it?
Where is the script name? or the filename?
Thanks
To locate the origin I renamed sendmail to sendmail-close and the spam dissapears: so I am sure this is from a script in the server