how to tell which process call sendmail

Frank Leonhardt frank2 at fjl.co.uk
Thu Sep 19 22:37:49 UTC 2013


On 19/09/2013 19:30, Glenn McCalley wrote:
> So, some idiot is using a cgi or php or something to send mail out of 
> his website that he shouldn't be sending.  With a bunch of sites on 
> the server, can't tell who.
>

I had a similar problem, but some time back and I can't remember 
*exactly* what I did. It was something like pointing mailer.conf to my 
own program which did some logging and then called the real sendmail. 
Actually, I might just have hacked mailwrapper directly. I think there 
was some way I managed to cross-reference to the httpd logs, or that 
might be what I tried to do and failed. Sorry - this may not be helping 
much.

Another approach might be to find some likely text in the outgoing 
message and do a recursive grep on /home.




More information about the freebsd-questions mailing list