Use this method to track down any PHP scripts that might be sending email.
http://kb.parallels.com/en/1711
1) Create a /var/qmail/bin/sendmail-wrapper script with the following content:
#!/bin/sh(echo X-Additional-Header: $PWD ;cat) | tee -a /var/tmp/mail.send|/var/qmail/bin/sendmail-qmail "$@" |
Note, it should be two lines including ‘#!/bin/sh’.
2) Create a log file /var/tmp/mail.send and grant it “a+rw” rights; make the wrapper executable; rename old sendmail; and link it to the new wrapper:
touch /var/tmp/mail.sendchmod a+rw /var/tmp/mail.sendchmod a+x /var/qmail/bin/sendmail-wrappermv /var/qmail/bin/sendmail /var/qmail/bin/sendmail-qmailln -s /var/qmail/bin/sendmail-wrapper /var/qmail/bin/sendmail |
3) Wait for an hour and change back sendmail:
rm -f /var/qmail/bin/sendmailmv /var/qmail/bin/sendmail-qmail /var/qmail/bin/sendmail |
Examine the /var/tmp/mail.send file. There should be lines starting with “X-Additional-Header:” pointing to domain folders where the scripts which sent the mail are located.
You can see all the folders from where mail PHP scripts were run with the following command:
grep X-Additional /var/tmp/mail.send | grep `cat /etc/psa/psa.conf | grep HTTPD_VHOSTS_D | sed -e 's/HTTPD_VHOSTS_D//' ` |
If you see no output from the above command, it means that no mail was sent using the PHP mail() function from the Plesk virtual hosts directory.