My sendmail sends spam and I can't identify which script sends it
Posted
by
Andrew
on Super User
See other posts from Super User
or by Andrew
Published on 2012-06-19T08:17:51Z
Indexed on
2012/06/19
9:19 UTC
Read the original article
Hit count: 488
I've noticed one of my server is sending mass spam.
The messages are like the one below (sending from: [email protected]
). I've deleted USER_ACCOUNT
but I'd like to know how can I identify the script (probably a hacked PHP script) that sends the mass mail considering this server hosts numerous websites.
I0/83/968855
Mreturntosender: cannot select queue for postmaster: Broken pipe
Fbn
$_Unknown UID 1008@localhost
${daemon_flags}c u
SUSER_ACCOUNT
[email protected]
H?P?Return-Path: <?g>
H??Received: (from Unknown UID 1008@localhost)
by benedictus.MYDOMAIN.COM (8.14.3/8.14.3/Submit) id q5H8Bx9A066412;
Sun, 17 Jun 2012 11:11:59 +0300 (EEST)
(envelope-from USER_ACCOUNT)
H?D?Date: Sun, 17 Jun 2012 11:11:59 +0300 (EEST)
H?M?Message-Id: <[email protected]>
H??From: Tiffany June <[email protected]>
H??To: "Fernando" <[email protected]>
H??Subject: Tiffany June ADDED YOU to her Private Wish List
H??MIME-Version: 1.0
H??Content-Type: multipart/related;
boundary="=_8b944d33596415b2dd4371ef94e08aee
© Super User or respective owner