My sendmail sends spam and I can't identify which script sends it

Posted by Andrew on Super User See other posts from Super User or by Andrew
Published on 2012-06-19T08:17:51Z Indexed on 2012/06/19 9:19 UTC
Read the original article Hit count: 485

Filed under:
|

I've noticed one of my server is sending mass spam.

The messages are like the one below (sending from: [email protected]). I've deleted USER_ACCOUNT but I'd like to know how can I identify the script (probably a hacked PHP script) that sends the mass mail considering this server hosts numerous websites.

I0/83/968855
Mreturntosender: cannot select queue for postmaster: Broken pipe
Fbn
$_Unknown UID 1008@localhost
${daemon_flags}c u
SUSER_ACCOUNT
[email protected]
H?P?Return-Path: <?g>
H??Received: (from Unknown UID 1008@localhost)
        by benedictus.MYDOMAIN.COM (8.14.3/8.14.3/Submit) id q5H8Bx9A066412;
        Sun, 17 Jun 2012 11:11:59 +0300 (EEST)
        (envelope-from USER_ACCOUNT)
H?D?Date: Sun, 17 Jun 2012 11:11:59 +0300 (EEST)
H?M?Message-Id: <[email protected]>
H??From: Tiffany June <[email protected]>
H??To: "Fernando" <[email protected]>
H??Subject: Tiffany June ADDED YOU to her Private Wish List
H??MIME-Version: 1.0
H??Content-Type: multipart/related;
        boundary="=_8b944d33596415b2dd4371ef94e08aee

© Super User or respective owner

Related posts about spam

Related posts about sendmail