Peter Peltonen wrote: > On Tue, Oct 27, 2009 at 10:05 AM, John R Pierce <pierce at hogranch.com> wrote: >> Peter Peltonen wrote: >>> I got a report that my CentOS 5.4 is used for sending spam. >>> >>> >From sendmail maillog I can see that apache has been sending a lot of >>> email to suspicious addresses. >>> >>> Probably one of the many Apache virtual hosts I have is used for >>> sending spam. But how to find out which one? >>> >> the maillog should show where the messages are coming from > > They just say that Apache is sending them, so I cannot pinpoint the > virtual host. > > But apparanelty I can force (override) the sender in the VirtualHost > with this line: > > php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f > emailcop at doimanname" > > where you replace domainname with the one in the virtual host. This > will then show up in the maillog. > > Now I just have to wait and watch the maillog... If the emails are a result of posting to a form you can probably match up the timestamps in the http and mail logs. -- Les Mikesell lesmikesell at gmail.com