How to find original php script of spamming ?
Posted: Wed Oct 25, 2017 11:52 am
Hi,
Before discovering VestaCP, I was using iscp-omega panel. It was using Postfix and the mail queue was more precise than Exim : Postfix indicated the name of the path/file which send the mail.
Exim is not verbose enough AMHO
For example, "exim -Mvh 1e6yTR-0004iP-R6" just give me few informations, but not the used script :
I have found this page : http://www.sudosu.in/2013/02/exim-usefu ... in-of.html
But unfortunatly, the third section (which talking about finding original php files which sending spam) is not working well under debian.
Do you know if there is a way to make Exim more verbose, or use a CLI command to find them all ?
Before discovering VestaCP, I was using iscp-omega panel. It was using Postfix and the mail queue was more precise than Exim : Postfix indicated the name of the path/file which send the mail.
Exim is not verbose enough AMHO
For example, "exim -Mvh 1e6yTR-0004iP-R6" just give me few informations, but not the used script :
Code: Select all
1e6yTR-0004iP-R6-H
Debian-exim 105 110
<>
1508848705 0
-ident Debian-exim
-received_protocol local
-body_linecount 59
-max_received_linelength 814
-allow_unqualified_recipient
-allow_unqualified_sender
-frozen 1508848706
-localerror
XX
1
[email protected]
155P Received: from Debian-exim by server.domain.net with local (Exim 4.84_2)
id 1e6yTR-0004iP-R6
for [email protected]; Tue, 24 Oct 2017 14:38:25 +0200
042 X-Failed-Recipients: [email protected]
029 Auto-Submitted: auto-replied
062F From: Mail Delivery System <[email protected]>
026T To: [email protected]
059 Subject: Mail delivery failed: returning message to sender
051I Message-Id: <[email protected]>
038 Date: Tue, 24 Oct 2017 14:38:25 +0200
I have found this page : http://www.sudosu.in/2013/02/exim-usefu ... in-of.html
But unfortunatly, the third section (which talking about finding original php files which sending spam) is not working well under debian.
Do you know if there is a way to make Exim more verbose, or use a CLI command to find them all ?