Track what PHP script sent an email on your cPanel server

There is a patch available from which forces PHP scripts to store the script name and location in the mail headers when using the mail() function. The below instructions will give you the details needed to add this patch to your cPanel server:

  1. Log into the server as root via ssh or the console.
  2. Run
    PHP Code:
    mkdir -p /var/cpanel/buildapache/scripts
  3. Create a file called phppost using a text editor vi phppost
  4. Add the following lines:
    PHP Code:
    PHPVER=`find -type d -iname "php-*"|sed "s/.///g"`
    patch -p0 < $PHPVER-mail-header.patch
  5. Save and quit that file.
  6. Run
    PHP Code:

    and now the patch will be automatically applied.

When you receive spam complaints you will now be able to look at the headers of the message and view what script and site these came from. This is extremely useful because PHP runs as nobody unless phpsuexec is enabled and in a virtual environment it can be difficult trying to track down the broken script!