Sendmail wrapper to detect spammer (which domain is using PHP's mail function?)
Hi,
I have the following two scripts but neither of them works. What I am trying to find out is which domain is having vulnerable PHP code exploited to send spam.
But ideally I would like to find out whatever domain is sending out mail. The maillog itself shows where mail is going to and coming from, but not which script on which domain sent it.
Sometimes I can trace the process and find out an X-mailer in the mail header, but not all the time. Just says sent by the Apache UID, so certainly a website that's doing it.
Here are the scripts for your reference.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~BEGIN~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
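#!/usr/bin/perl
# Sendmail wrapper: log who is calling the mailer, then pass the message to the real binary.
use strict;
# Import only the variables used below so they exist under strict even when unset
use Env qw(REMOTE_ADDR SCRIPT_NAME SERVER_NAME PWD);
my $date = `date`;
chomp $date;
open(my $info, '>>', '/var/log/formmail.log') || die "Failed to open file ::$!";
my $uid = $>;               # effective UID of the caller
my @info = getpwuid($uid);  # passwd entry for that UID
if($REMOTE_ADDR){
    # CGI environment present: record client address, script and virtual host
    print $info "$date - $REMOTE_ADDR ran $SCRIPT_NAME at $SERVER_NAME\n";
}
else {
    # No CGI environment: record the working directory and the calling account
    print $info "$date -$PWD - @info\n";
}
my $mailprog='/var/qmail/bin/sendmail.real';
# Log the arguments instead of printing them to STDOUT, which belongs to the caller
print $info "$date - sendmail arguments: @ARGV\n";
# List-form pipe open hands @ARGV to the mailer directly, with no shell in between
open(my $mail, '|-', $mailprog, @ARGV) || die "cannot open $mailprog: $!\n";
while (<STDIN>){
    print $mail $_;
}
close($info);
close($mail);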
~~~~~~~~~~~~~~~~~~~~~~~~~~~~END~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
And another one.
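#!/bin/sh
# Prepend a header naming the parent of the current directory, keep a copy of the message, then pass it to qmail.
(echo "X-Additional-Header: $(basename "$(dirname "$PWD")")"; cat) | tee -a /var/tmp/mail.send | /var/qmail/bin/sendmail-qmail "$@"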
Any help with this would be appreciated, please note that I am not a coder.
Thanks.
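
Added example, not part of the original post: a shell function that tallies the two line formats the Perl wrapper above writes to /var/log/formmail.log, so the directory or host/script pair submitting the most mail comes out on top. The function names and the sample log lines are constructed for illustration, and directory paths are assumed to contain no spaces.

```shell
#!/bin/sh
# Count wrapper log entries per sending directory or per CGI host+script.
# Reads the files named as arguments, or stdin when none are given.
summarize_senders() {
    awk '
        # Line written without a CGI environment: "<date> -<PWD> - <passwd entry>"
        match($0, " -/[^ ]* - ") {
            count[substr($0, RSTART + 2, RLENGTH - 5)]++
            next
        }
        # Line written under CGI: "<date> - <ip> ran <script> at <host>"
        match($0, " ran [^ ]+ at [^ ]+$") {
            split(substr($0, RSTART + 5), part, " at ")
            count[part[2] part[1]]++
        }
        # Anything else (for example an arguments line) is ignored
        END { for (key in count) print count[key], key }
    ' "$@" | sort -k1,1nr -k2
}

# Constructed sample lines in the wrapper's two formats (not real log data).
sample_log() {
    cat <<'EOF'
Mon Jan  5 10:00:01 UTC 2009 -/var/www/vhosts/example.com/httpdocs - apache x 48 48   Apache /var/www /sbin/nologin
Mon Jan  5 10:00:02 UTC 2009 - 203.0.113.7 ran /cgi-bin/formmail.pl at www.example.org
Mon Jan  5 10:00:03 UTC 2009 -/var/www/vhosts/example.com/httpdocs - apache x 48 48   Apache /var/www /sbin/nologin
Mon Jan  5 10:00:04 UTC 2009 - sendmail arguments: -t -i
Mon Jan  5 10:00:05 UTC 2009 -/var/www/vhosts/example.net/httpdocs - apache x 48 48   Apache /var/www /sbin/nologin
Mon Jan  5 10:00:06 UTC 2009 - 203.0.113.9 ran /cgi-bin/formmail.pl at www.example.org
Mon Jan  5 10:00:07 UTC 2009 -/var/www/vhosts/example.com/httpdocs - apache x 48 48   Apache /var/www /sbin/nologin
EOF
}

# Demo run on the constructed sample; on a server: summarize_senders /var/log/formmail.log
sample_log | summarize_senders
```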