On Tue, 27 Sep 2005 09:52:39 -0700 "Clayton Weise" <[EMAIL PROTECTED]> wrote:
> I know this is way off topic, but there are a lot of really smart
> people on this list so I'm hoping to get some ideas here. I've got a
> web server that has some kind of formmail-esque script that is being
> horribly abused but I can't find it. The server (shut down qmail-send
> on it for now) is spewing out messages by the hundreds, if not
> thousands, and I can't seem to center down on which site has the
> offending script. Again, it's pretty off topic but I'm just looking
> for some help here... please.

To get the path of the script that is sending mail, you could do this:

Write a wrapper for qmail-inject. From within the wrapper you'll find the path of the caller script in the environment variable $PWD (assuming bourne[again]shell).

Here is a wrapper example:

,-----[ qmail-inject.wrapper ]
| #! /bin/bash
|
| ORIG_INJECT=/var/qmail/bin/qmail-inject.djb_original
| RETURN_PATH="[EMAIL PROTECTED]"
| TMPFILE=$(mktemp)
| DATETIME=$(date "+%d.%m.%Y %H:%M:%S")
|
| # send desired information to myself
| # first the mail header
| echo "From: [EMAIL PROTECTED]" >"$TMPFILE"
| echo "To: [EMAIL PROTECTED]" >>"$TMPFILE"
| echo -ne "Subject: [$DATETIME] something meaningful\n\n" >>"$TMPFILE"
|
| # now the message body
| echo -e "PWD: $PWD\n" >>"$TMPFILE"
| echo -e "\n----- original e-mail below -----\n" >>"$TMPFILE"
|
| # save the original message for our mail and pass it on to the real qmail-inject
| tee -a "$TMPFILE" | "$ORIG_INJECT" -f"$RETURN_PATH"
|
| # send the log mail
| "$ORIG_INJECT" < "$TMPFILE"
| rm -f "$TMPFILE"
|
| # local logging
| /usr/bin/logger -p mail.info -t qmail-wrapper "command line parameters: $*"
`-----

Don't forget to change the symbolic link "/usr/sbin/sendmail" (normally linked to "$QMAILDIR/bin/sendmail") to "$QMAILDIR/bin/qmail-inject". If the link stays unchanged and the script uses "/usr/bin/sendmail", »qmail-inject« is invoked by $QMAILDIR/bin/sendmail and therefore "$PWD" will be equal to "$QMAILDIR/bin".

HTH
Lars
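
As an added example (not part of Lars's message and not qmail code): a variant of the wrapper idea above that writes the caller's context to syslog instead of mailing a copy of every message, and passes the original arguments through unchanged. The CGI variable names, the Linux-only /proc lookups and the install-name guard are assumptions of this example.

```bash
#!/bin/bash
# Added example, not from the original post: log the caller, then hand off.
# ORIG_INJECT is the renamed real binary from the post; the rest is assumed.
ORIG_INJECT=${ORIG_INJECT:-/var/qmail/bin/qmail-inject.djb_original}

# Replace non-printable bytes so caller-controlled values (e.g. HTTP_HOST)
# cannot inject newlines and forge extra syslog entries.
clean() { printf '%s' "$1" | tr -c '[:print:]' '?'; }

# Build a single-line record describing who invoked the wrapper.
caller_record() {
    parent_cmd=unknown
    parent_cwd=unknown
    # Linux-specific: /proc exposes the parent's command line and directory.
    if [ -r "/proc/$PPID/cmdline" ]; then
        parent_cmd=$(tr '\0' ' ' < "/proc/$PPID/cmdline") || parent_cmd=unknown
    fi
    parent_cwd=$(readlink "/proc/$PPID/cwd" 2>/dev/null) || parent_cwd=unknown
    # CGI variables are only present if the web server exported them.
    printf 'uid=%s ppid=%s pwd=%s parent_cwd=%s script=%s host=%s client=%s parent=%s' \
        "$(id -u)" "$PPID" "$(clean "$PWD")" "$(clean "$parent_cwd")" \
        "$(clean "${SCRIPT_FILENAME:-none}")" "$(clean "${HTTP_HOST:-none}")" \
        "$(clean "${REMOTE_ADDR:-none}")" "$(clean "$parent_cmd")"
}

main() {
    if [ ! -x "$ORIG_INJECT" ]; then
        echo "qmail-wrapper: $ORIG_INJECT not executable" >&2
        exit 111   # qmail's temporary-failure code, so the caller may retry
    fi
    logger -p mail.info -t qmail-wrapper "$(caller_record) args=$(clean "$*")"
    # stdin (the message) and the original arguments pass through untouched.
    exec "$ORIG_INJECT" "$@"
}

# Only act as the wrapper when installed under the qmail-inject name.
case "${0##*/}" in
    qmail-inject*) main "$@" ;;
esac
```

Grouping the resulting mail.info lines by their pwd= or script= field shows which site directory produces the volume.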