Date:  Mon, 26 Nov 2007 09:05:31 -0600
From:  "Gerald Waugh" <gwaugh (at mark) frontstreetnetworks.com>
Subject:  [coba-e:11241] Re: Tracing emails being sent with apache
To:  <coba-e (at mark) bluequartz.org>
Message-Id:  <023c01c8303d$cd41d0c0$0101a8c0@systemax>
In-Reply-To:  <200711261426.lAQEQlxZ012455 (at mark) huda.muntadanet.com>
X-Mail-Count: 11241

MuntadaNet Webmaster wrote on Monday, November 26, 2007 8:27 AM
> 
> I am getting a ton of returned mail that is evidently being sent from 
> my server using the apache user.  I have tried to sift through the 
> access_log to determine what web site is the culprit to no avail.
> 
> Is there any way to turn on some kind of trace logging to find out 
> when a call to sendmail is made that shows exactly what cgi or php 
> page executed it.  There is hardly any CGI if at all on my servers so 
> I am pretty sure this is most likely php mail() call.
> 
I had trouble with "contact.php:
I used this to find the abusers
cat /var/log/httpd/access_log | grep contact.php
Seen many from the same IP address,
Also ran;
cat /var/log/maillog | grep <the abusers ip>

I did not find a good fix, just removed all contact.php
And used 'mailto' for contact.

Gerald


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.