To try and directly answer your question: I don't believe there are any logs that nail down what template a bit of mail is sent from. mailsent.log only says, for example:
"Information","scheduler-3","01/03/14","18:32:18",,"Mail: 'Subject Goes Here' From:'whoe...@wherever.com' To:'vic...@spamworld.com' was successfully sent using mail.openrelay.com" If you are a glutton for punishment you can still do it: Synch the mail sent time in mailsent.log with your web server log's template execution times and you should probably find a correlation that way. However, if it were me, I'd concentrate on solving the root problem and forget about where it might be happening. Do a global search for every instance of "</cfmail>" will show you every template that sends mail. Start cleaning up your code from there. Although the mail server itself is probably the first place you should start. On Mon, Aug 18, 2014 at 1:16 PM, Byron Mann <byronos...@gmail.com> wrote: > > Make sure the cfmail option for logging sent mail is enabled via the > CFAdmin. This will tell you if CF is actually sending the mail. The log > file will be in your CF root under logs. I think it's mailsent.log. > > Most likely one of two things. > > You have a web form that sends through another template using the cfmail > tag which does no "human" checking, like a Captcha or checking the delay > between page load and send request. > > Or you have an open relay with the mail server that is being used by CF to > send mail, and CF is not actually the issue. Your mail server logs can log > this, log location will vary based on the server used. There are several > online tools to check if your mail server has an open relay. > > http://mxtoolbox.com/diagnostic.aspx > > ~Byron > > > On Mon, Aug 18, 2014 at 3:56 PM, Garry Tran <tran.ga...@gmail.com> wrote: > > > > > Hi All - > > > > Recently we've been under a email injection attack where we have > > unauthorized emails being sent through our coldfusion application. At > this > > point we are unsure if it is through an email injection attack or not but > > if anybody has any advice on how to figure out where the attack is coming > > from it would be very helpful. > > > > My first question is - is there a way to trace back to which page cfmail > > is being called from? Are there any logs that I can view that would > allow > > us to track down what pages are being hijacked? > > > > Much appreciated, thanks! > > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:359136 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
