[nSLUG] apache used to generate spam

D G Teed donald.teed at gmail.com
Fri Apr 17 07:17:59 ADT 2009


On Thu, Apr 16, 2009 at 11:58 PM, Hatem Nassrat <hnassrat at gmail.com> wrote:

>
> If it was me, I would  replace /usr/bin/sendmail with a shell script
> or a little C program that took a snapshot of the running process, and
> possibly a nestat for every email that is sent out, to start. (If I
> remember correctly the mail would be sent via sendmail). I would also
> pipe the input along with the cmd line options to the real sendmail
> (/usr/bin/sendmail.bak), so that the server is not disrupted. This
> will atleast give a little more info to work with.
>
> I am not sure about the code, but I am pretty sure you would be able
> to find the culprit with that little C program. Since the php app will
> be talking to sendmail using a pipe, this pipe should have a file
> descriptor, which you can pass to `lsof` to find the owner process.
> There maybe an easier way to find the calling process, it needs some
> research.
>
> I am not sure if the above will be fruitfull, or if its fully correct,
> but I do know who can catch me out on any mistakes in what I
> mentioned. The only person I know who would be able to effeciently
> find your culprit is Ian Campbell. Ian your insight would be quite
> appreciated.


Hi,

That is an excellent suggestion.  This together with postfix changes
is probably how we will proceed.

Thank  you for this  idea.

Regards,

--Donald
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://nslug.ns.ca/mailman/private/nslug/attachments/20090417/73d336bb/attachment-0001.html>


More information about the nSLUG mailing list