[nSLUG] apache used to generate spam
budman85 at eastlink.ca
Fri Apr 17 10:16:06 ADT 2009
D G Teed wrote:
> On Thu, Apr 16, 2009 at 11:58 PM, Hatem Nassrat <hnassrat at gmail.com
> <mailto:hnassrat at gmail.com>> wrote:
> If it was me, I would replace /usr/bin/sendmail with a shell script
> or a little C program that took a snapshot of the running process, and
> possibly a netstat for every email that is sent out, to start. (If I
> remember correctly the mail would be sent via sendmail). I would also
> pipe the input along with the cmd line options to the real sendmail
> (/usr/bin/sendmail.bak), so that the server is not disrupted. This
> will at least give a little more info to work with.
> I am not sure about the code, but I am pretty sure you would be able
> to find the culprit with that little C program. Since the php app will
> be talking to sendmail using a pipe, this pipe should have a file
> descriptor, which you can pass to `lsof` to find the owner process.
> There may be an easier way to find the calling process, it needs some
> I am not sure if the above will be fruitful, or if it's fully correct,
> but I do know who can catch me out on any mistakes in what I
> mentioned. The only person I know who would be able to efficiently
> find your culprit is Ian Campbell. Ian your insight would be quite
> That is an excellent suggestion. This together with postfix changes
> is probably how we will proceed.
> Thank you for this idea.
Do you have any mail modules/libraries installed for Perl or Python?
Search for smtp, mime, or mail in any of the Perl or Python lib dirs.
`perl -V` will show the module paths.
Many of those do not use sendmail at all. I can send mail using several
different Perl modules where sendmail is disabled on the system. All
I need to know is the SMTP server name.
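
The logging wrapper suggested earlier in the thread, written out as a shell script (an added example, not code posted by anyone on the list). It assumes Linux `/proc`, that the real binary was moved to `/usr/bin/sendmail.bak` as in the thread, and a hypothetical log path `/var/log/sendmail-wrap.log` that the web server user can append to.

```shell
#!/bin/sh
# Logging wrapper to install as /usr/bin/sendmail (added example).
REAL_SENDMAIL="${REAL_SENDMAIL:-/usr/bin/sendmail.bak}"  # path from the thread
WRAP_LOG="${WRAP_LOG:-/var/log/sendmail-wrap.log}"       # assumed log location

# Print one line per process from PID $1 up to init:
# pid, real uid, working directory and command line, read from /proc.
ancestry() {
    pid=$1
    while [ "${pid:-0}" -gt 0 ] && [ -r "/proc/$pid/status" ]; do
        uid=$(awk '/^Uid:/ {print $2}' "/proc/$pid/status")
        cmd=$(tr '\0' ' ' < "/proc/$pid/cmdline")
        # cwd of another user's process is not readable; record "?" instead
        cwd=$(readlink "/proc/$pid/cwd" 2>/dev/null) || cwd='?'
        printf 'pid=%s uid=%s cwd=%s cmd=%s\n' "$pid" "$uid" "$cwd" "$cmd"
        pid=$(awk '/^PPid:/ {print $2}' "/proc/$pid/status")
    done
}

# Append one record per invocation: timestamp, sendmail arguments,
# then the chain of processes that led to this call.
log_call() {
    {
        printf '=== %s args: %s\n' "$(date '+%Y-%m-%dT%H:%M:%S%z')" "$*"
        ancestry "$PPID"
    } >> "$WRAP_LOG"
}

# Act only when installed under the name "sendmail". A logging failure
# does not stop delivery: exec hands the untouched stdin (the message)
# and the original arguments to the real binary.
if [ "${0##*/}" = "sendmail" ]; then
    log_call "$@"
    exec "$REAL_SENDMAIL" "$@"
fi
```

Each log record shows which process invoked sendmail, as which user, and from which directory. Mail sent by a module that speaks SMTP directly never reaches this wrapper, so an empty log does not clear the host.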