How to find original php script of spamming?

Questions regarding the Mail Server
Dovecot, Exim, RoundCube
Spheerys
Posts: 125
Joined: Tue Dec 29, 2015 12:36 pm

Post by Spheerys » Wed Oct 25, 2017 11:52 am

Hi,

Before discovering VestaCP, I was using iscp-omega panel. It was using Postfix and the mail queue was more precise than Exim: Postfix indicated the name of the path/file which sent the mail.

Exim is not verbose enough IMHO.
For example, "exim -Mvh 1e6yTR-0004iP-R6" just gives me a few pieces of information, but not the script used:

Code:

1e6yTR-0004iP-R6-H
Debian-exim 105 110
<>
1508848705 0
-ident Debian-exim
-received_protocol local
-body_linecount 59
-max_received_linelength 814
-allow_unqualified_recipient
-allow_unqualified_sender
-frozen 1508848706
-localerror
XX
1
PG@server.domain.net

155P Received: from Debian-exim by server.domain.net with local (Exim 4.84_2)
   id 1e6yTR-0004iP-R6
   for PG@server.domain.net; Tue, 24 Oct 2017 14:38:25 +0200
042  X-Failed-Recipients: mailbox@yahoo.fr
029  Auto-Submitted: auto-replied
062F From: Mail Delivery System <Mailer-Daemon@server.domain.net>
026T To: PG@server.domain.net
059  Subject: Mail delivery failed: returning message to sender
051I Message-Id: <E1e6yTR-0004iP-R6@server.domain.net>
038  Date: Tue, 24 Oct 2017 14:38:25 +0200




I have found this page: http://www.sudosu.in/2013/02/exim-usefu ... in-of.html
But unfortunately, the third section (which talks about finding the original PHP files which are sending spam) is not working well under Debian.

Do you know if there is a way to make Exim more verbose, or use a CLI command to find them all?
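
Added example, not part of the original post and not VestaCP or Exim code: a small Python parser for the spool header format that `exim -Mvh` prints, run on a trimmed copy of the output quoted above. The function names `parse_spool_header` and `origin` are made up for this example, and the three-digit header byte counts are skipped rather than verified.

```python
import re
# Constructed sample: trimmed copy of the `exim -Mvh` output quoted in the post.
SAMPLE = """1e6yTR-0004iP-R6-H
Debian-exim 105 110
<>
1508848705 0
-ident Debian-exim
-received_protocol local
-localerror
XX
1
PG@server.domain.net

155P Received: from Debian-exim by server.domain.net with local (Exim 4.84_2)
   id 1e6yTR-0004iP-R6
042  X-Failed-Recipients: mailbox@yahoo.fr
"""
HDR = re.compile(r"^\d{3}([A-Z* ]) ([^:\s]+):\s*(.*)$")  # length, flag, name, value

def parse_spool_header(text):
    """Parse an Exim -H spool file, as printed by `exim -Mvh`, into a dict."""
    lines = text.splitlines()
    user, uid, gid = lines[1].rsplit(None, 2)   # account that called Exim
    msg = {"id": lines[0][:-2], "user": user, "uid": int(uid), "gid": int(gid),
           "sender": lines[2].strip("<>"), "options": {}, "headers": []}
    i = 4                                       # line 4 (timestamp) is not needed here
    while lines[i].startswith("-"):             # "-name [value]" option lines
        name, _, value = lines[i][1:].partition(" ")
        msg["options"][name] = value
        i += 1
    while not lines[i].isdigit():               # skip non-recipients tree ("XX" = none)
        i += 1
    count = int(lines[i])
    msg["recipients"] = lines[i + 1:i + 1 + count]
    for line in lines[i + 2 + count:]:          # headers start after one blank line
        m = HDR.match(line)
        if m:
            msg["headers"].append([m.group(1), m.group(2), m.group(3)])
        elif msg["headers"] and line[:1] in (" ", "\t"):   # folded continuation
            msg["headers"][-1][2] += " " + line.strip()
    return msg

def origin(msg):  # report who handed the message to Exim, from envelope data only
    opts = msg["options"]
    if msg["sender"] == "" and "localerror" in opts:
        return "bounce generated by Exim itself"
    if opts.get("received_protocol") == "local":
        return "local submission by %s (uid %d)" % (msg["user"], msg["uid"])
    return "received over " + opts.get("received_protocol", "unknown protocol")
```

For a message handed to Exim through the local sendmail interface, the second line of the file and the `-ident` option name the Unix account that called Exim.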

Re: How to find original php script of spamming?

Post by Spheerys » Wed Oct 25, 2017 11:54 am

Whoops, sorry, I found this topic too late: viewtopic.php?f=12&t=13892

