Hi Rashid,
> So far, I had already tried Gerald's and your
> technique before sending out the SOS. So I am
> still stuck. I can't seem to find something that
> is showing a large amount of repetition in the logs.
>
> If anyone has any other ideas, I am definitely in
> need of one. I normally find these things but this time I am stuck.
OK, this is somewhat drastic, but it might help.
In php.ini set:
disable_functions = mail
This will disable the mail() function in PHP entirely - for all PHP scripts.
It has to be set in php.ini and cannot be set anywhere else.
Now if someone tries to use the mail() function in PHP the script will error
out and this error(s) will also be logged in the Apache error logfile. That
allows you to easily find which scripts make use of the mail() function and
how often that happens.
It is not entirely foolproof as there are tons of ways to send emails with
PHP. The mail() function is the most commonly used way, as it offers the
least hassles. You can also send mail over system calls or sockets, or
external PHP classes which use different methods than the mail() function
itself.
But nonetheless it's a start and for troubleshooting purposes I'd suggest to
try this first. If it doesn't work out right away, you could deny additional
PHP functions as well, like this:
disable_functions = mail,system,sockets
However, please note that dissalowing system() and sockets() will most likely
break a lot of unrelated scripts. So if you do that, be prepared for a lot of
collateral damage.
--
With best regards,
Michael Stauber