Re: apache: what site is sending email from www-data

["Thomas Goirand (GPLHost)" <nospam.thomas@goirand.fr>]

Hello,

I suggest you first have a look in your web server logs, it will show 
you all the queries that were issued to send those spams. Second, you 
can have a look into http://www.php.net/mail, there you will find a very 
usefull script in the user comments that helps keeping the mail() 
function a bit more secure, and send alerts whenever a suspicious 
"content-type:", "charset=","mime-version:","multipart/mixed","bcc:" 
field was in.

I hope that helps,

   Thomas

jack wrote:
> I've had this sort of thing happen a few times, and I'm wondering if 
> anyone know's any way to figure it out, or prevent it:
>
> You have say, 50 websites running on your webserver (mostly PHP, some 
> cgi). You start to notice your webserver is sending out HUGE amount of 
> email (which is spam). Looking at any of the messages in the mail 
> queue, you notice all the messages are coming from 
> www-data@host.mydomain.tld, so I know they are coming from apache, but 
> what site is it coming from!?!
>
> I've been curious about running PHP under fastcgi w/apache2 with 
> FastCGIsuEXEC enabled for each site. From what I understand, doing 
> this would make the example I gave before send out mail from 
> (UID-SET)@host.mydomain.tld (rather then www-data) which would do 
> exactly as I'd want.
>
> What's your experience with this sort of thing? Any suggestions?
>
> Thanks...