Re: apache: what site is sending email from www-data

To: debian-isp@lists.debian.org
Subject: Re: apache: what site is sending email from www-data
From: jack <lists@qnorth.net>
Date: Tue, 09 May 2006 17:54:35 -0700
Message-id: <[🔎] 446139CB.6080406@qnorth.net>
In-reply-to: <[🔎] 445CA431.1060800@obsidian.com.au>
References: <[🔎] 445BCF1D.7060900@qnorth.net> <[🔎] 445CA431.1060800@obsidian.com.au>

David MacKinnon wrote:

jack wrote:
I've had this sort of thing happen a few times, and I'm wondering ifanyone know's any way to figure it out, or prevent it:
You have say, 50 websites running on your webserver (mostly PHP, somecgi). You start to notice your webserver is sending out HUGE amount ofemail (which is spam). Looking at any of the messages in the mailqueue, you notice all the messages are coming fromwww-data@host.mydomain.tld, so I know they are coming from apache, butwhat site is it coming from!?!
You can patch PHP to add a header to all mail sent via the mail()function which says what script actually sent the email.. Very useful!
http://www.lancs.ac.uk/~steveb/php-mail-header-patch/

Quoted from site:

The header added has the form:

   X-PHP-Script: <servername><php-self> for <remote-addr>
For example:

   X-PHP-Script: www.example.com/~user/testapp/send-mail.php for 10.0.0.1

Hope that helps.

-David.


Thank you all for your responses! I'm going to start testing now. :)

Reply to:

References:
- apache: what site is sending email from www-data
  - From: jack <lists@qnorth.net>
- Re: apache: what site is sending email from www-data
  - From: David MacKinnon <davidm@obsidian.com.au>

Prev by Date: Re: WLAN Ultra Security
Next by Date: Adaptec Zero Channel RAID
Previous by thread: Re: apache: what site is sending email from www-data
Next by thread: Re: apache: what site is sending email from www-data
Index(es):
- Date
- Thread