how to tell which process call sendmail
genie at geniechka.ru
Thu Sep 19 20:13:05 UTC 2013
I once wrote a (quick-and-dirty) Perl script that monitors network
traffic and logs (for matching outgoing connections) the process command
line and (if Apache) the respective vhost and request.
But this would not help if they are calling the sendmail program directly to
inject the message into the mail queue.
(Unverified guess: if you temporarily remove execute permissions on it, the
execution error should probably be logged somewhere?).
BTW most probably that is not your user as such, but rather some abused
comment form or forum script or something like that.
From: Glenn McCalley
Sent: Thursday, September 19, 2013 10:30 PM
To: freebsd-questions at freebsd.org
Subject: how to tell which process call sendmail
So, some idiot is using a cgi or php or something to send mail out of his
website that he shouldn't be sending. With a bunch of sites on the server,
can't tell who.
System accounting can tell me that sendmail was executed 32,976 times, but
is there a way to tell what process/file name called it each time? Since
it's always called by the www user that doesn't help -- I need to
distinguish between legit processes that call 5 or 10 in a day and the idiot
who calls the other 31,000 times.
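
An added example, not part of the original thread and not the script mentioned in the reply: a minimal Python sketch of the network-side approach the reply describes, matching outgoing SMTP connections to their owning process from FreeBSD `sockstat -4 -c` output. The sample text, addresses and function names are constructed for illustration; as the reply notes, this sees only direct network connections, not local invocations of the sendmail binary.

```python
from collections import Counter

# Constructed sample in the column layout printed by `sockstat -4 -c`.
SAMPLE = """\
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
www      httpd      1203  14 tcp4   192.0.2.10:80         198.51.100.7:51514
www      php-cgi    4410  5  tcp4   192.0.2.10:40112      203.0.113.25:25
www      php-cgi    4410  6  tcp4   192.0.2.10:40113      203.0.113.26:25
www      perl       4522  3  tcp4   192.0.2.10:40200      203.0.113.25:587
root     sendmail   811   4  tcp4   192.0.2.10:25         198.51.100.9:40022
?        ?          ?     ?  tcp4   192.0.2.10:40300      203.0.113.25:25
"""

SMTP_PORTS = {25, 465, 587}  # assumed set of mail submission/relay ports


def outgoing_smtp(sockstat_text, ports=SMTP_PORTS):
    """Return (user, command, pid, remote_host, remote_port) for each
    connected TCP socket whose *foreign* port is a mail port."""
    hits = []
    for line in sockstat_text.splitlines()[1:]:      # skip the header row
        f = line.split()
        if len(f) < 7 or not f[4].startswith("tcp"):
            continue
        user, command, pid, foreign = f[0], f[1], f[2], f[6]
        if not pid.isdigit():                        # "?" = owner unknown
            continue
        host, _, port = foreign.rpartition(":")
        # Inbound mail has the mail port on the local side, so it is skipped.
        if port.isdigit() and int(port) in ports:
            hits.append((user, command, int(pid), host, int(port)))
    return hits


def count_by_process(hits):
    """Count matching connections per (user, command, pid)."""
    return Counter((u, c, p) for u, c, p, _, _ in hits)


if __name__ == "__main__":
    for (user, cmd, pid), n in count_by_process(outgoing_smtp(SAMPLE)).most_common():
        # Follow up on a PID with: ps -ww -o command= -p <pid>
        print(f"{n:4d}  {user:8s} {cmd:10s} pid={pid}")
```
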