Trace PHP spamming
How to locate the PHP script that is being used to send spam from your mail server (Postfix or Sendmail)
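Locate your working php.ini file (php -i reports the file the command-line PHP loads; the web server's PHP may load a different one):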
php -i | grep 'Configuration File'
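Append the following lines to php.ini (the first adds an X-PHP-Originating-Script header to every message sent through mail(), the second logs each mail() call together with the calling script):
mail.add_x_header = On
mail.log = /var/log/php-mail.log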
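Create log file (mode 777 lets PHP write to it whichever user it runs as, but leaves the log world-writable; once you know that user, restrict ownership and mode to it):
touch /var/log/php-mail.log
chmod 777 /var/log/php-mail.log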
Restart Apache:
service httpd restart
Watch log live:
tail -f /var/log/php-mail.log
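To rank scripts by number of mail() calls instead of watching the log scroll, the following added example (not part of the original page) tallies the script paths recorded in the log. It assumes PHP's mail.log line format "[date] mail() on [/path/script.php:LINE]: To: ..."; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: rank PHP scripts by how many mail() calls the log records.
# Assumed line format written by PHP's mail.log:
#   [date] mail() on [/path/script.php:LINE]: To: rcpt -- Headers: ...

# top_mail_scripts [LOGFILE...]  (reads stdin when no file is given)
# Prints "COUNT SCRIPT" lines, busiest script first.
top_mail_scripts() {
    awk '
        {
            # Locate the first "mail() on [" marker; skip lines without it
            i = index($0, "mail() on [")
            if (i == 0) next
            s = substr($0, i + 11)          # 11 = length of the marker
            j = index(s, "]: To: ")
            if (j == 0) next
            s = substr(s, 1, j - 1)         # now "/path/script.php:LINE"
            sub(/:[0-9]+$/, "", s)          # drop LINE so calls group per file
            count[s]++
        }
        END { for (s in count) print count[s], s }
    ' "$@" | sort -k1,1nr -k2
}

# Constructed sample log lines (not real data)
sample_log() {
    cat <<'EOF'
[10-Jan-2024 03:14:07 UTC] mail() on [/var/www/html/wp-content/uploads/cache.php:12]: To: a@example.net -- Headers: From: x@example.com
[10-Jan-2024 03:14:08 UTC] mail() on [/var/www/html/wp-content/uploads/cache.php:12]: To: b@example.net -- Headers: From: x@example.com
[10-Jan-2024 03:14:09 UTC] mail() on [/var/www/html/contact.php:48]: To: owner@example.org -- Headers: From: form@example.org
[10-Jan-2024 03:14:09 UTC] mail() on [/var/www/html/wp-content/uploads/cache.php:30]: To: c@example.net -- Headers: From: x@example.com
EOF
}

# Demo on the constructed sample; on a server run:
#   top_mail_scripts /var/log/php-mail.log
sample_log | top_mail_scripts
```

A script in an upload or cache directory at the top of this list, or one sending to many unrelated recipients, is the first file to inspect.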
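Also, you will sometimes see processes that spawn and immediately become defunct, and these may be sending email. You can try to find details for such cases using a command like:
ll /proc/$(ps aux | grep bounce | grep -v grep | awk '{print $2}' | head -n 1)
or
ll /proc/$(ps aux | grep <PROCESSNAME> | grep -v grep | awk '{print $2}' | head -n 1)
(grep -v grep drops the grep process itself from the match; head -n 1 keeps a single PID so the /proc path is valid.)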