To gather information about the PHP scripts that send email on your server, add two lines to your main php.ini:

mail.add_x_header = On
mail.log = /var/log/phpmail.log

Restart your web server after changing php.ini.

The first parameter adds an "X-PHP-Originating-Script:" field to the mail header, stating the user name and script name sending the mail.

The second one adds a new log file to your log directory that logs all mailing activity from your PHP scripts. This information can be used to find out really fast, when your server has been compromised, which source it came from.
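As an added example (not part of the original post), this Python script groups the entries in the mail log by sending script and lists the scripts that sent unusually many mails. The log line layout, the sample entries and the `threshold` parameter are assumptions made for the illustration; adjust the pattern to what your /var/log/phpmail.log actually contains.

```python
import re
from collections import defaultdict

# Constructed sample; paths, addresses and times are made up. Assumed layout:
# "[timestamp] mail() on [script:line]: To: ... -- Headers: ..."
SAMPLE_LOG = """\
[12-Mar-2024 03:14:01 UTC] mail() on [/var/www/blog/wp-content/plugins/old/cache.php:12]: To: a@example.org -- Headers: From: info@example.com -- Subject: hi
[12-Mar-2024 03:14:02 UTC] mail() on [/var/www/blog/wp-content/plugins/old/cache.php:12]: To: b@example.org -- Headers: From: info@example.com -- Subject: hi
[12-Mar-2024 03:14:02 UTC] mail() on [/var/www/blog/wp-content/plugins/old/cache.php:12]: To: c@example.org -- Headers: From: info@example.com -- Subject: hi
[12-Mar-2024 09:30:45 UTC] mail() on [/var/www/shop/contact.php:88]: To: owner@example.com -- Headers: Reply-To: visitor@example.net -- Subject: question
mail() on [/var/www/shop/contact.php:88]: To: owner@example.com -- Headers:
this line is not a mail() record
"""

# The timestamp prefix is optional so that lines written without it still parse.
LINE_RE = re.compile(
    r"^(?:\[(?P<ts>[^\]]+)\] )?mail\(\) on \[(?P<script>.+?):(?P<line>\d+)\]: "
    r"To: (?P<to>.*?) -- Headers:(?P<rest>.*)$"
)

def summarize(log_text):
    """Group log entries by sending script; return (stats, skipped_line_count)."""
    stats = defaultdict(
        lambda: {"mails": 0, "recipients": set(), "first": None, "last": None})
    skipped = 0
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            skipped += 1 if line else 0   # count unparsable, non-empty lines
            continue
        entry = stats[m["script"]]
        entry["mails"] += 1
        entry["recipients"].update(
            a.strip().lower() for a in m["to"].split(",") if a.strip())
        if m["ts"]:
            entry["first"] = entry["first"] or m["ts"]
            entry["last"] = m["ts"]
    return dict(stats), skipped

def suspects(log_text, threshold=3):
    """Scripts that sent at least `threshold` mails, busiest first."""
    stats, _ = summarize(log_text)
    hits = [(script, s["mails"], len(s["recipients"]))
            for script, s in stats.items() if s["mails"] >= threshold]
    return sorted(hits, key=lambda h: -h[1])

if __name__ == "__main__":
    for script, mails, rcpts in suspects(SAMPLE_LOG):
        print(f"{mails} mails to {rcpts} recipients from {script}")
```

To run it against the real log, pass the file's contents to `suspects()` instead of `SAMPLE_LOG`.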

Keep in mind:

  • Your WordPress installations should always be up to date.
  • If you add these settings to php.ini, this information is sent with each mail header, so one might get information about your user IDs and the scripts you have on your server.