[How To] Preventing Spam on your Server

Discussion in 'Security' started by zebulon, Oct 13, 2008.

  1. #1
    I usually only share this with my vps/dedi-server clients, but due to the increasing amount of spam-tards out there and people looking for solutions I'll post it here and hope it helps some people out.

    The script below is a previously written script modified by MattF (http://www.webhostingtalk.com/memberinfo&userid=979)

    Original Author: MattF (See Link in his tutorial)

    Spammers listing as "Nobody". This tutorial will outline how to properly set it up on cPanel-based systems.

    root@yourserver [~]# mv /usr/sbin/sendmail /usr/sbin/sendmail.real
    // backup your existing sendmail in the event of an error.

    root@yourserver [~]# pico /usr/sbin/sendmail
    // Open this badboy up, now paste the code below into it.
    Code:

    
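    #!/usr/local/bin/perl
    
    # use strict;
    use Env;    # exposes environment variables ($REMOTE_ADDR, $SCRIPT_NAME, ...) as Perl scalars
    my $date = `date`;
    chomp $date;
    open (INFO, ">>/var/log/formmail.log") || die "Failed to open file ::$!";
    my $uid = $>;                 # effective UID of whoever called sendmail
    my @info = getpwuid($uid);    # passwd entry (name, uid, gid, home, shell, ...) for that UID
    if($REMOTE_ADDR) {
    # Called from a web/CGI script: log the client IP, the script and the virtual host
    print INFO "$date - $REMOTE_ADDR ran $SCRIPT_NAME at $SERVER_NAME \n";
    }
    else {
    # Called from a shell or cron job: log the working directory and the account
    print INFO "$date - $PWD - @info\n";
    
    }
    my $mailprog = '/usr/sbin/sendmail.real';
    
    # Pass the caller's arguments to the real sendmail as a list, so no shell ever parses them
    open (MAIL, "|-", $mailprog, @ARGV) || die "cannot open $mailprog: $!\n";
    # Copy the message from standard input to the real sendmail unchanged
    while (<STDIN>) {
    print MAIL;
    }
    close (INFO);
    close (MAIL);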
    

    Now save the work above...

    root@yourserver [~]# chmod +x /usr/sbin/sendmail
    // make sendmail executable

    root@yourserver [~]# echo > /var/log/formmail.log

    root@yourserver [~]# chmod 755 /var/log/formmail.log (If this does not work, change to chmod 777)

    root@yourserver [~]# pico /var/log/formmail.log
    // Above is where all the data is stored; it may take up to a couple of hours for it to begin filling with data. However, if you notice an extreme number of instances of a user sending mail, it may be spam. In the past, without this script, it would list them as "Nobody". With the script in place, it lists the user and where the mail is being sent from.

    I hope this helps some of you out. Cheers.
     
    zebulon, Oct 13, 2008
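Added example (not part of zebulon's post or MattF's script): a small Python summarizer for /var/log/formmail.log that counts wrapper invocations per web script or local account and lists the sources at or above a threshold. The sample lines, host names and the threshold are constructed for illustration, and the line layouts are assumed from the two `print INFO` statements in the wrapper.

```python
import re
from collections import Counter

# Constructed sample in the two layouts the wrapper writes (web/CGI call, local call).
SAMPLE_LOG = """\
Mon Oct 13 10:15:01 EDT 2008 - 203.0.113.7 ran /cgi-bin/contact.pl at shop.example.com
Mon Oct 13 10:15:02 EDT 2008 - 203.0.113.7 ran /cgi-bin/contact.pl at shop.example.com
Mon Oct 13 10:15:02 EDT 2008 - 203.0.113.9 ran /cgi-bin/contact.pl at shop.example.com
Mon Oct 13 10:20:44 EDT 2008 - 198.51.100.23 ran /feedback.php at blog.example.org
Mon Oct 13 11:00:00 EDT 2008 - /home/alice/public_html - alice x 501 501   Alice /home/alice /bin/bash
this line is malformed and should be skipped
"""

# "$date - $REMOTE_ADDR ran $SCRIPT_NAME at $SERVER_NAME" (script may be empty)
WEB = re.compile(r"^(?P<date>.+?) - (?P<ip>\S+) ran (?P<script>\S*) at (?P<host>\S+)\s*$")
# "$date - $PWD - @info" (first field of the passwd entry is the account name)
CLI = re.compile(r"^(?P<date>.+?) - (?P<cwd>/\S*) - (?P<user>\S+)")

def summarize(log_text):
    """Return (Counter of invocations per source, number of unparseable lines).

    The fields come from the caller's environment, which a local user controls,
    so treat them as leads to investigate rather than proof.
    """
    counts, skipped = Counter(), 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        m = WEB.match(line)
        if m:
            counts[("web", m["host"], m["script"])] += 1
            continue
        m = CLI.match(line)
        if m:
            counts[("local", m["user"], m["cwd"])] += 1
            continue
        skipped += 1
    return counts, skipped

def heavy_senders(counts, threshold):
    """Sources with at least `threshold` invocations, busiest first."""
    return [(src, n) for src, n in counts.most_common() if n >= threshold]

if __name__ == "__main__":
    counts, skipped = summarize(SAMPLE_LOG)
    for src, n in heavy_senders(counts, 2):
        print(n, *src)
    print("unparsed lines:", skipped)
```

To run it against the real log, pass the contents of /var/log/formmail.log to `summarize()` instead of `SAMPLE_LOG`.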
  2. hostsvault

    #2
    Hi,

    Well, if you are using Exim as a mail server, you can easily extend Exim logging and you will have all the details about any email sent from the server.
     
    hostsvault, Oct 15, 2008
  3. supportmatrix

    #3
    In Exim, the extended logging feature will generate a detailed log to the Exim maillog. As well, if the spamming is occurring through some Apache/PHP scripts, enabling mailheaders in PHP will be helpful in tracking the source.
     
    supportmatrix, Nov 3, 2008
  4. yohanip

    #4
    Hi there,
    Would you mind telling me the idea behind the script above?
    The algorithm? :p

    Thank you so much!
     
    yohanip, Nov 4, 2008
  5. JackHeskett

    #5
    Thank you for sharing, I am sure it will be helpful to many :)
     
    JackHeskett, Nov 8, 2008