• Dear Pleskians! The Plesk Forum will be undergoing scheduled maintenance on Monday, 7th of July, at 9:00 AM UTC. The expected maintenance window is 2 hours.
    Thank you in advance for your patience and understanding on the matter.

uid 33 www-data injects spam

E

Effektor

Guest
Hey ppl,

if following problem. Some of our clients recieve tons of spam, Spamassassin is up to date, SPF is turned on, I'm just not sure which MAPS I should use.

Any tips?

This Morning I checked out the qmail-qstats there where several mails I could not recognize as true mails after I checked them by using qmail-qread.

Later I found out all these mails where invoced by uid 33 <-- www-data. Are there any possibilies to found out which script exactely is responsible for this mails. I already tried to compare the access.log with the time which is given in each mail but the problem is my access.log is empty there just a few users who use the loggin function.

Now I need a way to find the responsible script.

Any Ideas?

Is there a way to log each usage of mail()?
I think it make it easier to find out whats up.
 
find all files that contains mail(

grep -Rni 'mail(' /home/httpd

obviously i would turn on logs on all domains... would help a lot.

if you have the from email you may want to grep for that
 
Back
Top