Many email messages are sent from PHP scripts on the server. How to find the domains on which these scripts are running?

Refers to:

  • Plesk for Linux

Created:

2016-11-16 13:24:35 UTC

Modified:

2017-02-15 20:15:28 UTC

4

Was this article helpful?


Have more questions?

Submit a request

Many email messages are sent from PHP scripts on the server. How to find the domains on which these scripts are running?

Resolution

Note: This article is applicable for the Qmail mail server. If you are using the Postfix mail server, see:

213914405 Many email messages are sent from PHP scripts on the server. How can I find the domains on which these scripts are running if I am using Postfix?

Warning: using this method may cause increase of the server load due to the additional steps of processing for each message submitted to the local mail server. If you experience problems with high server load after applying the instructions in step #2, revert them using the instructions in step #3.

There is a way to determine from which folder the PHP script sending mail was run.

Note: Depending on your operating system and Plesk version, the paths may differ from those listed below.

  1. Create a /var/qmail/bin/sendmail-wrapper script with the following content:

    #touch /var/qmail/bin/sendmail-wrapper
    #vi /var/qmail/bin/sendmail-wrapper

    Copy the content below and paste it into the file created above:

    #!/bin/sh
    (echo X-Additional-Header: $PWD ;cat) | tee -a /var/tmp/mail.send|/var/qmail/bin/sendmail-qmail "$@"

    Note that this script should include two lines including #!/bin/sh .

  2. Create a log file called /var/tmp/mail.send and grant it the "a+rw" rights. Make the wrapper executable, rename the old sendmail, and link it to the new wrapper:

    ~# touch /var/tmp/mail.send
    ~# chmod a+rw /var/tmp/mail.send
    ~# chmod a+x /var/qmail/bin/sendmail-wrapper
    ~# mv /var/qmail/bin/sendmail /var/qmail/bin/sendmail-qmail
    ~# ln -s /var/qmail/bin/sendmail-wrapper /var/qmail/bin/sendmail
  3. Wait for at least two hours, then change sendmail back:

    ~# rm -f /var/qmail/bin/sendmail
    ~# mv /var/qmail/bin/sendmail-qmail /var/qmail/bin/sendmail

Examine the /var/tmp/mail.send file. There should be lines starting with "X-Additional-Header:", pointing to the domain folders where the scripts which sent the mail are located.

You can see all the folders from where the mail PHP scripts were run using the following command:

    ~# grep X-Additional /var/tmp/mail.send | grep `cat /etc/psa/psa.conf | grep HTTPD_VHOSTS_D | sed -e 's/HTTPD_VHOSTS_D//' `

If you see no output from the above command, no mail was sent using the PHP mail() function from the Plesk virtual hosts directory.

If the /var/tmp/mail.send file only contains:

    X-Additional-Header: /var/www

... without pointing to a particular domains folder, change permissions for the Perl binary:

    ~# chmod 700 /usr/bin/perl
Have more questions? Submit a request
Please sign in to leave a comment.