How to enable spam-log


Post by Mark » Sat Jan 02, 2010 1:46 am

Step 1)
Log in to your server and su - to root.

Step 2)
Turn off exim while we do this so it doesn't freak out.
Code:
/etc/init.d/exim stop


Step 3)
Back up your original /usr/sbin/sendmail file. On systems using the Exim MTA,
the sendmail file is basically just a pointer to Exim itself.
Code:
mv /usr/sbin/sendmail /usr/sbin/sendmail.hidden


Step 4)
Create the spam monitoring script for the new sendmail.
Code:
pico /usr/sbin/sendmail


Paste in the following:


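Code:
#!/usr/local/bin/perl
# Wrapper installed as /usr/sbin/sendmail: logs who is sending mail,
# then hands the message to the real binary (sendmail.hidden).
# use strict;
use Env;    # exposes environment variables as $REMOTE_ADDR, $PWD, ...
my $date = `date`;
chomp $date;
open (INFO, ">>/var/log/spam_log") || die "Failed to open file ::$!";
my $uid = $>;                 # effective uid of the caller
my @info = getpwuid($uid);    # passwd entry for that uid
if ($REMOTE_ADDR) {
    # Called from a CGI script: log client address, script and virtual host
    print INFO "$date - $REMOTE_ADDR ran $SCRIPT_NAME at $SERVER_NAME\n";
}
else {
    # No CGI environment: log the working directory and the calling user
    print INFO "$date - $PWD - @info\n";
}
my $mailprog = '/usr/sbin/sendmail.hidden';
# Pass the original arguments as a list so that no shell re-parses them
open (MAIL, "|-", $mailprog, @ARGV) || die "cannot open $mailprog: $!\n";
while (<STDIN>) {
    print MAIL;
}
close (INFO);
close (MAIL);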


Step 5)
Change the permissions on the new sendmail file.
Code:
chmod +x /usr/sbin/sendmail


Step 6)
Create a new log file to keep a history of all mail going out of the
server using web scripts.
Code:
touch /var/log/spam_log


Code:
chmod 0777 /var/log/spam_log


Step 7)
Start Exim up again.
Code:
/etc/init.d/exim start


Step 8)
Monitor your spam_log file for spam. To test it, try using any formmail or
script that uses a mail function, such as a message board or a contact script.
Code:
tail -f /var/log/spam_log


Sample Log Output


/home/username/public_html/directory/subdirectory - nobody x 99 99 Nobody / /sbin/nologin

Log Rotation Details
Your spam_log file isn't set to be rotated, so it might get very
large quickly. Keep an eye on it and consider adding it to your
log rotation.

Code:
pico /etc/logrotate.conf


FIND:
# no packages own wtmp -- we'll rotate them here
Code:
/var/log/wtmp {
monthly
create 0664 root utmp
rotate 1
}


ADD BELOW:

# SPAM LOG rotation
Code:
/var/log/spam_log {
monthly
create 0777 root root
rotate 1
}
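
Added example (not part of the original post): a shell function that summarises the spam_log written by the wrapper above, counting entries per source so the directory or CGI script sending the most mail stands out. The function names, the MIN threshold argument and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Summarise spam_log by sending source. The wrapper writes two line formats:
#   "<date> - <REMOTE_ADDR> ran <SCRIPT_NAME> at <SERVER_NAME>"  (CGI environment)
#   "<date> - <PWD> - <passwd fields of the calling uid>"         (no CGI environment)

# spam_log_top FILE [MIN]: print "count source", busiest first,
# for every source with at least MIN entries (default 1).
spam_log_top() {
    awk -F' - ' -v min="${2:-1}" '
        # CGI line: key on server name plus script path.
        $2 ~ /^[^ ]+ ran [^ ]+ at [^ ]+/ {
            split($2, w, " ")
            count[w[5] w[3]]++
            next
        }
        # Non-CGI line: key on the working directory of the caller.
        NF >= 3 { count[$2]++; next }
        # Anything else is malformed; count it so it is not silently lost.
        NF > 0 { count["(unparsed)"]++ }
        END {
            for (s in count)
                if (count[s] >= min) printf "%d %s\n", count[s], s
        }
    ' "$1" | sort -k1,1nr -k2,2
}

# Constructed sample entries (hypothetical, not taken from a real server).
spam_log_sample() {
    cat <<'EOF'
Sat Jan  2 01:40:01 EST 2010 - /home/alice/public_html/forum - nobody x 99 99   Nobody / /sbin/nologin
Sat Jan  2 01:40:02 EST 2010 - /home/bob/public_html/contact - nobody x 99 99   Nobody / /sbin/nologin
Sat Jan  2 01:40:03 EST 2010 - /home/bob/public_html/contact - nobody x 99 99   Nobody / /sbin/nologin
Sat Jan  2 01:40:04 EST 2010 - 203.0.113.7 ran /cgi-bin/formmail.pl at www.example.com
Sat Jan  2 01:40:05 EST 2010 - /home/bob/public_html/contact - nobody x 99 99   Nobody / /sbin/nologin
EOF
}

# Demo: report sources with two or more entries in the sample.
tmp=$(mktemp) && spam_log_sample > "$tmp" && spam_log_top "$tmp" 2
rm -f "$tmp"
```

On a live server the call would be spam_log_top /var/log/spam_log 50, with the threshold chosen to suit normal mail volume.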