how to tell which process call sendmail

Eugene genie at
Thu Sep 19 20:13:05 UTC 2013

Hi Glenn,

I once wrote some (quick-and-dirty) perl script that monitors network 
traffic and logs (for matching outgoing connections) the process command 
line and (if apache) the respective vhost and request.

But this would not help if they are calling the sendmail program directly to 
inject the message into mail queue.
(Unverified guess: if you temporarily remove execute permissions on it, the 
execution error should probably be logged somewhere?).

BTW most probably that is not your user as such, but rather some abused 
comment form or forum script or something like that.

Best wishes

-----Original Message----- 
From: Glenn McCalley
Sent: Thursday, September 19, 2013 10:30 PM
To: freebsd-questions at
Subject: how to tell which process call sendmail

So, some idiot is using a cgi or php or something to send mail out of his
website that he shouldn't be sending.  With a bunch of sites on the server,
can't tell who.

System accounting can tell me that sendmail was executed 32,976 times, but
is there a way to tell what process /file name called it each time?  Since
it's always called by the www user that doesn't help -- I need to
distinguish between legit processes that call 5 or 10 in a day and the idiot
who calls the other 31,000 times.


freebsd-questions at mailing list
To unsubscribe, send any mail to "freebsd-questions-unsubscribe at" 

More information about the freebsd-questions mailing list