My sendmail sends spam and I can't identify which script sends it

Posted by Andrew on Super User See other posts from Super User or by Andrew
Published on 2012-06-19T08:17:51Z Indexed on 2012/06/19 9:19 UTC
Read the original article Hit count: 557

Filed under:

spam

|

sendmail

I've noticed one of my server is sending mass spam.

The messages are like the one below (sending from: [email protected]). I've deleted USER_ACCOUNT but I'd like to know how can I identify the script (probably a hacked PHP script) that sends the mass mail considering this server hosts numerous websites.

I0/83/968855
Mreturntosender: cannot select queue for postmaster: Broken pipe
Fbn
$_Unknown UID 1008@localhost
${daemon_flags}c u
SUSER_ACCOUNT
[email protected]
H?P?Return-Path: <?g>
H??Received: (from Unknown UID 1008@localhost)
        by benedictus.MYDOMAIN.COM (8.14.3/8.14.3/Submit) id q5H8Bx9A066412;
        Sun, 17 Jun 2012 11:11:59 +0300 (EEST)
        (envelope-from USER_ACCOUNT)
H?D?Date: Sun, 17 Jun 2012 11:11:59 +0300 (EEST)
H?M?Message-Id: <[email protected]>
H??From: Tiffany June <[email protected]>
H??To: "Fernando" <[email protected]>
H??Subject: Tiffany June ADDED YOU to her Private Wish List
H??MIME-Version: 1.0
H??Content-Type: multipart/related;
        boundary="=_8b944d33596415b2dd4371ef94e08aee

© Super User or respective owner

Related posts about spam

spam spam spam spam [closed]

as seen on Stack Overflow - Search for 'Stack Overflow'
spam removed spam removed spam removed spam removed >>> More
Stop Outgoing Spam Already Tagged as Spam

as seen on Server Fault - Search for 'Server Fault'
Hi, I run a Postfix server with Amavis and Spamassassin among other things. Postfix receives mail from the outside world and passes it on to Amavis. Amavis has Spamassassin rate the mail, and then tags it as spam if necessary. Then Postfix relies on each users' procmailrcs to deal with the mail as… >>> More
spam check, spam score how to?

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi. I am doing a app that is sending email and need to have a spam checker on the outgoing email. I have been looking for this a while now, I can not seem to find a good solution. I would like to use something like the spamassassin. Do you guys got any examples how to do the spamassassin with asp… >>> More
configure spam assassin to delete all spam above a score domain wide and override individual settin

as seen on Server Fault - Search for 'Server Fault'
Okay, so this is my scenario and what I want to try and do. I maintain a Red Hat email server running qmail and spamassassin. I have a domain that has well over 100 email account each with individual settings for spam scores and, whether or not to delete email incoming mail deemed spam. What I… >>> More
Make Thundirbird use and sync with Gmail Spam facility

as seen on Super User - Search for 'Super User'
I am using Thundirbird 3.1.7. I am using Gmail with it. When I mark a message as spam in Thunderbird, I want it to go to Gmail's spam folder. But it is not happening. The mail is only marked as spam and stays in Gmail's inbox. How can I setup Thunderbird so that when I mark a message as spam in… >>> More

Related posts about sendmail

Sendmail Failing to Forward Locally Addressed Mail to Exchange Server

as seen on Server Fault - Search for 'Server Fault'
I've recently gained employment as a web developer with a small company. What they neglected to tell me upon hire was that I would be administrating the server along with my other daily duties. Now, truth be told, I'm not clueless when it comes to these things, but this is my first rodeo working with… >>> More
Output php mail calls to log file

as seen on Server Fault - Search for 'Server Fault'
This question relates to the question found here: Find the php script thats sending mails Trying to do the exact same thing but can't get the log to output what I need. Not too experienced with serverfault and ideally I'd post my followup on the original question, or PM adam to see if he ever found… >>> More
Sendmail background process sometimes processes queue, but sendmail -q always works

as seen on Server Fault - Search for 'Server Fault'
I'm using sendmail version 8.14.4 on Fedora 15 to send email. My Rails app uses delayed_job to queue up emails. Messages will queue up in /var/spool/mqueue as expected, but don't always get processed. I can see the messages and sendmail is definitely running in the background. Restarting the process… >>> More
sendmail: Error during delivery. Service not available, closing transmission channel

as seen on Server Fault - Search for 'Server Fault'
I have a module in my system that will trigger an email and send it to user. The email will be sent to user when the product in my system is going to expired soon. I test the whole module in localhost and there is no problem with it. Then, I finally moved the module in my server but it gives this… >>> More
sendmail.exe: Error during delivery. Service not available, closing transmission channel

as seen on Server Fault - Search for 'Server Fault'
I have a module in my system that will trigger an email and send it to user. The email will be sent to user when the product in my system is going to expired soon. I test the whole module in localhost and there is no problem with it. Then, I finally moved the module in my server but it gives this… >>> More