Finding the script that sends spam email

  • September 2, 2015

If you are using cpanel, go a "tail -f /var/log/exim_mainlog | grep cwd" 

That will tell you what directory the files are sending mail from. If you are not using cpanel, it may be under /var/log/maillog

The code below will also tell you what is sending mail and how many times.

grep cwd /var/log/exim_mainlog | grep -v /var/spool | awk -F"cwd=" '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n

How helpful was this article to you?

Posting has been disabled.