On Tue, 27 Sep 2005 09:52:39 -0700
"Clayton Weise" <[EMAIL PROTECTED]> wrote:

> I know this is way off topic, but there are a lot of really smart
> people on this list so I'm hoping to get some ideas here.  I've got a
> web server that has some kind of formmail-esque script that is being
> horribly abused but I can't find it.  The server (shut down qmail-send
> on it for now) is spewing out messages by the hundreds, if not
> thousands, and I can't seem to center down on which site has the
> offending script.  Again, it's pretty off topic but I'm just looking
> for some help here... please.

To get the path of the script whose sending mail you could do this:

Write a wrapper for qmail-inject. From within the wrapper you'll find
the path of the caller script in the environment variable $PWD (assuming

here is a wrapper example:

,-----[ qmail-inject.wrapper ]
| #! /bin/bash
| ORIG_INJECT=/var/qmail/bin/qmail-inject.djb_original
| TMPFILE=`tempfile`
| DATETIME=`date "+%d.%m.%Y %H:%M:%S"`
| # send desired information to myself
| # first the mail header
| echo -ne "Subject: [$DATETIME] something meaningful\n\n" >>$TMPFILE
| # now the message body
| echo -e "PWD: $PWD\n" >>$TMPFILE
| echo -e "\n----- original e-mail below -----\n" >>$TMPFILE
| # save the original message for our mail and pass ist on to the real 
| # send the log mail
| rm -f $TMPFILE
| # local logging
| /usr/bin/logger -p mail.info -t qmail-wrapper "command line parameters: $*"

Don't forget to change the symbolic link "/usr/sbin/sendmail" (normally
linked to "$QMAILDIR/bin/sendmail") to "$QMAILDIR/bin/qmail-inject". If
the link stays unchanged and the script uses "/usr/bin/sendmail" 
»qmail-inject« is invoked by $QMAILDIR/bin/sendmail and therefore "$PWD"
will be equal to "$QMAILDIR/bin".


Reply via email to