PHP Server – Track down spammer script

Sometimes you need track down spam from your server. It is not a easy task, there is so many script in any web app so it almost impossible to manual search for mail function. But PHP from version 5.3 offer elegant solution.

You can see documentation at this link.

How to log all script what call mail function ?

  • Open your php.ini file (location depends on your installation and server)
    • /etc/php.ini (RedHat based distro (Centos, Fedora, etc)
    • /etc/php5/apache/php.ini Debian derivative (Ubuntu, etc)
    • at windows it depends on your installation
  • Insert this lines to php.ini
mail.add_x_header = On
mail.log = /var/log/phpmail.log
  • The first one add header to outgoing email what will include UID and other script info
  • The second one specify location where log will be saved

Output sample:

mail() on [/var/www/vhosts/]: To: -- Headers: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed; delsp=yes Content-Transfer-Encoding: 8Bit X-Mailer: Drupal Sender: From: