How Do I find from which domain SPAM is originating in Plesk for Linux?
- 06/06/2020 8:01 PM
RESOLUTION
There is a way to find which folder the PHP script that sends mail was run from. Note that the paths may differ slightly from those listed below, depending on your OS and Plesk version.
1) Create the /var/qmail/bin/sendmail-wrapper script with the following content:
#!/bin/sh
(echo "X-Additional-Header: $PWD"; cat) | tee -a /var/tmp/mail.send | /var/qmail/bin/sendmail-qmail "$@"
Note that the script should be two lines, including the '#!/bin/sh' line.
2) Then create the log file /var/tmp/mail.send and grant it "a+rw" rights, make the wrapper executable, rename the old sendmail, and link sendmail to the new wrapper:
# touch /var/tmp/mail.send
# chmod a+rw /var/tmp/mail.send
# chmod a+x /var/qmail/bin/sendmail-wrapper
# mv /var/qmail/bin/sendmail /var/qmail/bin/sendmail-qmail
# ln -s /var/qmail/bin/sendmail-wrapper /var/qmail/bin/sendmail
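To restore the original sendmail once enough mail has been logged, remove the link to the wrapper and point sendmail back to sendmail-qmail:
# rm -f /var/qmail/bin/sendmail
# ln -s /var/qmail/bin/sendmail-qmail /var/qmail/bin/sendmail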
Examine the /var/tmp/mail.send file. It should contain lines starting with "X-Additional-Header:" that point to the domain folders where the scripts that sent the mail are located.
You can list all the folders that mail-sending PHP scripts were run from with the following command:
# grep X-Additional /var/tmp/mail.send | grep `cat /etc/psa/psa.conf | grep HTTPD_VHOSTS_D | sed -e 's/HTTPD_VHOSTS_D//' `
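To rank domains by how many messages they sent, the logged headers can be counted per domain. The script below is an added example, not part of the original article; the function names, the "(outside-vhosts)" label, the sample log, and the default vhosts root of /var/www/vhosts are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original article.
# Usage: count_by_domain LOGFILE [VHOSTS_ROOT]
# Prints "<count> <domain>" per line, busiest sender first.
# VHOSTS_ROOT defaults to /var/www/vhosts (assumed; use the HTTPD_VHOSTS_D
# value from /etc/psa/psa.conf on the real server).
# Limitation: any logged line that starts with the header text is counted,
# including one that appears inside a message body.
count_by_domain() {
    log=$1
    root=${2:-/var/www/vhosts}
    root=${root%/}/
    awk -v prefix="X-Additional-Header: " -v root="$root" '
        index($0, prefix) == 1 {
            dir = substr($0, length(prefix) + 1)
            # Mail sent from elsewhere (cron job, shell) gets its own bucket.
            dom = "(outside-vhosts)"
            if (index(dir, root) == 1) {
                # First path component below the vhosts root is the domain.
                split(substr(dir, length(root) + 1), part, "/")
                if (part[1] != "") dom = part[1]
            }
            count[dom]++
        }
        END { for (d in count) printf "%d %s\n", count[d], d }
    ' "$log" | LC_ALL=C sort -k1,1nr -k2,2
}

# Constructed sample of what the wrapper appends to /var/tmp/mail.send.
sample_log() {
    cat <<'EOF'
X-Additional-Header: /var/www/vhosts/example.com/httpdocs/wp-content/uploads
To: a@example.net
Subject: test 1

body
X-Additional-Header: /var/www/vhosts/example.org/httpdocs
To: b@example.net

body
X-Additional-Header: /var/www/vhosts/example.com/httpdocs/tmp
To: c@example.net

body
X-Additional-Header: /root
To: d@example.net
EOF
}

tmp=$(mktemp) && sample_log > "$tmp" && count_by_domain "$tmp" && rm -f "$tmp"
```

On a live server, call `count_by_domain /var/tmp/mail.send` with the vhosts root from psa.conf as the second argument if it differs from the default.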