Enable PHPMail logging using WHM
For a better idea of what specific scripts within a cPanel account are sending mail, you can enable PHP's built-in mail log function.
Note: The instructions below enable PHPMail logging for a single domain. You may need to repeat this process if you have multiple domains sending SPAM.
- Login to WHM
- From the List Account section of WHM, access cPanel for the account in question.
- Open the File Manager and navigate to the public_html directory. Create a file within the public_html directory called .user.ini. If one already exists, right-click and Edit the file.
- Add the following line to the file:
mail.log = /home/[CPANELUSERNAME]/phpmail.log
- You many need to restart Apache to make sure that the changes take effect.
- Once a log file is generated, you can access it from the file manager. You can download the log file or click on it in the file manager to view it.
In our example below, a script called nastyscript.php is responsible for all of the recent email from this account.
- This will allow you to pinpoint the source of the SPAM and determine if it is a malicious or legitimate script.
- Compromised email accounts can also be the cause of SPAM. Find SPAM senders in WHM.
- Take steps to prevent SPAM issues on your server.
- Return to review email spam issues on your server.
- Our server experts can perform these steps for a fee. For more information about our Expert Services, please visit our Expert Service menu.
Note: If not stopped, PHP mail logging will continue indefinitely which can lead to disk space issues. Be sure to remove the .user.ini file or the line added to enable PHP mail() logging when you finish troubleshooting.