[CentOS] find out which website is used for sending email?

Tue Oct 27 07:33:09 UTC 2009
Peter Peltonen <peter.peltonen at gmail.com>

On Tue, Oct 27, 2009 at 10:05 AM, John R Pierce <pierce at hogranch.com> wrote:
> Peter Peltonen wrote:
>> I got a report that my CentOS 5.4 is used for sending spam.
>>
>> From sendmail maillog I can see that apache has been sending a lot of
>> email to suspicious addresses.
>>
>> Probably one of the many Apache virtual hosts I have is used for
>> sending spam. But how to find out which one?
>>
>
> the maillog should show where the messages are coming from

They just say that Apache is sending them, so I cannot pinpoint the
virtual host.

But apparently I can force (override) the sender in the VirtualHost
with this line:

  php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f emailcop@domainname"

where you replace domainname with the one in the virtual host. This
will then show up in the maillog.

Now I just have to wait and watch the maillog...

Best,
Peter
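
Added example, not part of the original post: once every VirtualHost passes its own `-f` address, the maillog can be tallied per tagged envelope sender to see which site is submitting the mail. The sample log lines are constructed, and the `emailcop@` local part on every vhost, the `apache@localhost` relay value and the function names are assumptions.

```python
import re
from collections import Counter

# Constructed sample maillog lines (not from the original post). They assume each
# VirtualHost sets "-f emailcop@<its own domain>" in its sendmail_path override.
SAMPLE_MAILLOG = """\
Oct 27 09:12:01 web1 sendmail[4101]: n9R9C1aa004101: from=emailcop@shop.example, size=812, class=0, nrcpts=40, msgid=<a1@web1>, relay=apache@localhost
Oct 27 09:12:01 web1 sendmail[4102]: n9R9C1bb004102: from=<emailcop@shop.example>, size=990, class=0, nrcpts=40, msgid=<a1@web1>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Oct 27 09:12:05 web1 sendmail[4110]: n9R9C5cc004110: from=emailcop@shop.example, size=805, class=0, nrcpts=35, msgid=<a2@web1>, relay=apache@localhost
Oct 27 09:13:10 web1 sendmail[4120]: n9R9DAdd004120: from=emailcop@blog.example, size=640, class=0, nrcpts=1, msgid=<a3@web1>, relay=apache@localhost
Oct 27 09:13:11 web1 sendmail[4122]: n9R9DAdd004120: to=u@mail.example, ctladdr=emailcop@blog.example (48/48), delay=00:00:01, mailer=relay, stat=Sent
Oct 27 09:14:00 web1 sendmail[4130]: n9R9E0ee004130: from=root, size=300, class=0, nrcpts=1, msgid=<a4@web1>, relay=root@localhost
"""

# A sendmail "from=" log line: queue id, envelope sender, recipient count, relay.
FROM_RE = re.compile(
    r"sendmail\[\d+\]: (?P<qid>\w+): from=<?(?P<sender>[^>,\s]*)>?,"
    r".*?\bnrcpts=(?P<n>\d+),.*?\brelay=(?P<relay>\S+)"
)

def count_by_sender(log_text, local_part="emailcop", relay="apache@localhost"):
    """Return (messages, recipients) Counters keyed by tagged envelope sender.

    Only local submissions by the web server user are counted, so the second
    log entry written when the local MTA accepts the same message is ignored.
    """
    messages, recipients = Counter(), Counter()
    for line in log_text.splitlines():
        m = FROM_RE.search(line)
        if not m or m.group("relay") != relay:
            continue
        sender = m.group("sender").lower()
        if not sender.startswith(local_part + "@"):
            continue  # not one of the per-vhost tagged senders
        messages[sender] += 1
        recipients[sender] += int(m.group("n"))
    return messages, recipients

def busiest_vhost(log_text):
    """Domain part of the tagged sender with the most recipients, or None."""
    _, recipients = count_by_sender(log_text)
    if not recipients:
        return None
    return recipients.most_common(1)[0][0].split("@", 1)[1]

if __name__ == "__main__":
    msgs, rcpts = count_by_sender(SAMPLE_MAILLOG)
    for sender, n in rcpts.most_common():
        print(f"{sender}: {msgs[sender]} messages, {n} recipients")
```

To run it against a real log, pass the contents of the maillog file to `count_by_sender` instead of `SAMPLE_MAILLOG`.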