• Plesk Uservoice will be deprecated by October. Moving forward, all product feature requests and improvement suggestions will be managed through our new platform Plesk Productboard.
    To continue sharing your ideas and feedback, please visit features.plesk.com

uid 33 www-data injects spam

E

Effektor

Guest
Hey ppl,

if following problem. Some of our clients recieve tons of spam, Spamassassin is up to date, SPF is turned on, I'm just not sure which MAPS I should use.

Any tips?

This Morning I checked out the qmail-qstats there where several mails I could not recognize as true mails after I checked them by using qmail-qread.

Later I found out all these mails where invoced by uid 33 <-- www-data. Are there any possibilies to found out which script exactely is responsible for this mails. I already tried to compare the access.log with the time which is given in each mail but the problem is my access.log is empty there just a few users who use the loggin function.

Now I need a way to find the responsible script.

Any Ideas?

Is there a way to log each usage of mail()?
I think it make it easier to find out whats up.
 
find all files that contains mail(

grep -Rni 'mail(' /home/httpd

obviously i would turn on logs on all domains... would help a lot.

if you have the from email you may want to grep for that
 
Back
Top