Search

Language:  
Search for:

Available article translations:

Many email messages are sent from PHP scripts on the server. How can I find the domains on which these scripts are running?

APPLIES TO:
  • Parallels Plesk for Linux/Unix

Resolution

Note: This article is for Qmail. If you are using the Postfix mail server, see this article instead:

114845 Many email messages are sent from PHP scripts on the server. How can I find the domains on which these scripts are running if I am using Postfix?

Warning: using this method may increase server load due to the additional steps of processing for each message submitted to the local mail server. If you experience problems with high server load after applying the instructions in step #2, revert them using the instructions in step #3.

There is a way to determine from which folder the PHP script that sends mail was run. Note: Depending on your OS and Plesk version, the paths may differ from those listed below.

1) Create a /var/qmail/bin/sendmail-wrapper script with the following content:

#!/bin/sh
(echo X-Additional-Header: $PWD ;cat) | tee -a /var/tmp/mail.send|/var/qmail/bin/sendmail-qmail "$@"

Note that this script should be two lines including #!/bin/sh

2) Create a log file /var/tmp/mail.send and grant it "a+rw" rights. Make the wrapper executable, rename the old sendmail, and link it to the new wrapper:

~# touch /var/tmp/mail.send
~# chmod a+rw /var/tmp/mail.send
~# chmod a+x /var/qmail/bin/sendmail-wrapper
~# mv /var/qmail/bin/sendmail /var/qmail/bin/sendmail-qmail
~# ln -s /var/qmail/bin/sendmail-wrapper /var/qmail/bin/sendmail

3) Wait for at least two hours and then change sendmail back:

~# rm -f /var/qmail/bin/sendmail
~# mv /var/qmail/bin/sendmail-qmail /var/qmail/bin/sendmail

Examine the /var/tmp/mail.send file. There should be lines starting with "X-Additional-Header:", pointing to the domain folders where the scripts which sent the mail are located.

You can see all the folders from where mail PHP scripts were run with the following command:

~# grep X-Additional /var/tmp/mail.send | grep `cat /etc/psa/psa.conf | grep HTTPD_VHOSTS_D | sed -e 's/HTTPD_VHOSTS_D//' `

If you see no output from the above command, no mail was sent using the PHP mail() function from the Plesk virtual hosts directory.

If the /var/tmp/mail.send file only contains:

X-Additional-Header: /var/www

without pointing to a particular domains folder, change permissions for the Perl binary:

~# chmod 700 /usr/bin/perl

Search words:

spam abuse

spam attack

how to trace spam source

Abuse: Spam complaint from UOL

apache

spam

Plesk access_log.webstat has huge volume




c81e59b61af9dca603ba03b14aabe968 56797cefb1efc9130f7c48a7d1db0f0c 9f8baf78266b4e54525d1c6bf06305a5

FEEDBACK
Was this article helpful?
Tell us how we may improve it.
Yes No
 
 
 
 
 
 
Desktop Virtualization
- Parallels Desktop 9 for Mac
- Parallels Transporter
- Parallels Desktop Switch to Mac Edition
- Parallels Desktop for Mac Enterprise Edition
- Parallels Management-Mac for Microsoft SCCM
Server Virtualization
- Parallels Cloud Server
- Parallels Containers for Windows 6.0 Beta
- Parallels Virtuozzo Containers
Automation
- Parallels Automation
- Parallels Automation for Cloud Infrastructure
- Parallels Business Automation Standard
- Parallels Virtual Automation
- Parallels Plesk Panel Suite
- Web Presence Builder
- Parallels Plesk Automation
- Parallels Small Business Panel
- Value-added Services for Hosters
- Parallels Partner Storefront
Services & Resources
- Cloud Acceleration Services
- Professional Services
- Support Services
- Training & Certification