[nSLUG] apache used to generate spam
D G Teed
donald.teed at gmail.com
Fri Apr 17 07:17:59 ADT 2009
On Thu, Apr 16, 2009 at 11:58 PM, Hatem Nassrat <hnassrat at gmail.com> wrote:
> If it was me, I would replace /usr/bin/sendmail with a shell script
> or a little C program that took a snapshot of the running process, and
> possibly a nestat for every email that is sent out, to start. (If I
> remember correctly the mail would be sent via sendmail). I would also
> pipe the input along with the cmd line options to the real sendmail
> (/usr/bin/sendmail.bak), so that the server is not disrupted. This
> will atleast give a little more info to work with.
> I am not sure about the code, but I am pretty sure you would be able
> to find the culprit with that little C program. Since the php app will
> be talking to sendmail using a pipe, this pipe should have a file
> descriptor, which you can pass to `lsof` to find the owner process.
> There maybe an easier way to find the calling process, it needs some
> I am not sure if the above will be fruitfull, or if its fully correct,
> but I do know who can catch me out on any mistakes in what I
> mentioned. The only person I know who would be able to effeciently
> find your culprit is Ian Campbell. Ian your insight would be quite
That is an excellent suggestion. This together with postfix changes
is probably how we will proceed.
Thank you for this idea.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the nSLUG