From 6b863bbeae44fd5d6d3f4d47324176267b384769 Mon Sep 17 00:00:00 2001 From: Dobrica Pavlinusic Date: Mon, 19 Sep 2016 14:28:29 +0200 Subject: [PATCH] document how to find php generated spam --- README | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 README diff --git a/README b/README new file mode 100644 index 0000000..632fe6a --- /dev/null +++ b/README @@ -0,0 +1,17 @@ +This is set of scripts which can be useful when finding php generated spam in your mailq + + +./mailq-php-script.sh depends on php.ini configuration: + + mail.add_x_header = On + +which adds X-PHP-Originating-Script header to e-mails, which you can then find in your +postfix mailq to figure out which scripts are generating e-mails. + +Very suspicios lines look like this: + + 65534:logs.php(2) : eval()'d code(1) : eval()'d code(1) : eval()'d code(1) : eval()'d code(1) : eval()'d code(1) : eval()'d code(2) : eval()'d code(1731) : eval()'d codeN=From: =?UTF-8?B?TGlsaWFuYQ==?= N + 65534:logs.php(2) : eval()'d code(1) : eval()'d code(1) : eval()'d code(1) : eval()'d code(1) : eval()'d code(1) : eval()'d code(2) : eval()'d code(1731) : eval()'d codeN=From: =?UTF-8?B?SmVzc2ljYQ==?= N + 65534:logs.php(2) : eval()'d code(1) : eval()'d code(1) : eval()'d code(1) : eval()'d code(1) : eval()'d code(1) : eval()'d code(2) : eval()'d code(1731) : eval()'d codeN0From: =?UTF-8?B?QXNobGV5?= N + +With this info, you can lookup logs.php file on your php server and clean them up. -- 2.20.1
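Review bot: The "Very suspicios lines look like this:" sample in the new README is given without saying what makes those lines suspicious or how to read them, so a reader who has not seen this pattern before cannot apply it to their own queue. Suggest adding one or two sentences after the sample: the value before the colon is the UID the script ran as, in the uid:script form that X-PHP-Originating-Script uses (65534 here), and the repeated "eval()'d code" chain behind logs.php(2) shows the mail was sent from several layers of eval'd code rather than from the file's own source. The README also says "set of scripts" but names only ./mailq-php-script.sh and gives no invocation or expected output; a short usage line would help, along with a note that mail.add_x_header only affects messages sent after it is enabled, so mail already in the queue will not carry the header. Wording nits in the same hunk: "This is set of scripts" should be "This is a set of scripts", "suspicios" should be "suspicious", and in the last line "lookup logs.php file ... and clean them up" should be "look up the logs.php file ... and clean it up".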