Enable PHPMail logging in Plesk Linux
You can isolate a script sending PHPMail() by using PHP's built-in mail log function. Plesk allows you to enable PHPMail() logs on a per domain basis or for multiple domains using the same version of PHP.
Enable for a single domain
mail.log = /var/www/vhosts/coolexample.com/phpmail.log
Enter this into the Additional configuration directives box, and click Apply. If PHPMail() is used, a log file will automatically be created.
Once a log file is generated, you can access this log from the Plesk file manager.
If you have SSH access, you can manipulate the data to find common scripts being used. To get started, you'll need to enable administrator access on your Gen 3 or Gen 4 server (if you haven't already done so), connect with SSH and switch to the root user.
Run the following to find scripts using PHPMail():
[root@server ~]# cat /var/www/vhosts/coolexample.com/phpmail.log | awk '{print $6}' | cut -c 2- | uniq -c | cut -f1 -d':' 1255 /var/www/vhosts/coolexample.com/httpdocs/wp-content/uploads/2020/05/spamscript.php 544 /var/www/vhosts/coolexample.com/httpdocs/wp-content/morespam.php
Enable for multiple domains
Note: Enabling a PHPMail() log for all domains requires you to use SSH. If you are unfamiliar with SSH, use the single domain instructions.
[root@server ~]# touch /tmp/phpmail.log && chmod 777 /tmp/phpmail.log
cat /path/to/phpmail.log | awk '{print $6}' | cut -c 2- | uniq -c | cut -f1 -d':'
Related steps
- Compromised email accounts can also be the cause of SPAM. Find SPAM senders in Plesk Linux.
- You can also find SPAM senders using Postfix with SSH.
- Take steps to prevent SPAM issues on your server.
- Return to review email spam issues on your server.
More info
- Our server experts can perform these steps for a fee. For more information about our Expert Services, please visit our Expert Service menu.