Detecting PHP email spam scripts on your server

This article describes how to identify PHP scripts that are being used to send spam through a Postfix mail server on a Debian-based server. Last week I noticed an abnormally high workload on my server, which caused the FastCGI PHP instances to stop working properly. There was a noticeable delivery of HTTP 500 error

Information about mail sending PHP scripts

To gather information about the PHP scripts that send mail on your server, you can add two lines to your main php.ini. Restart your web server after changing php.ini. The first parameter adds an "X-PHP-Originating-Script:" field to the mail header, stating the user name and script name sending the mail. The second one is
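Once the header is present, counting its values across queued or saved messages shows which script sends the most mail. The shell function below is an added example, not code from the original article. It assumes each message is stored as its own file and that the header value has the form `uid:script`; the function name and the sample messages are constructed for illustration.

```shell
#!/bin/sh
# Tally X-PHP-Originating-Script values across message files.
# PHP writes this header when mail.add_x_header is enabled in php.ini.
# Each argument is one message: header block, blank line, body.
# Assumed value format: "<uid>:<script name>".
tally_php_senders() {
    awk '
        FNR == 1 { in_headers = 1 }               # new file: header block starts
        in_headers && /^\r?$/ { in_headers = 0 }  # first blank line ends the headers
        in_headers && tolower($0) ~ /^x-php-originating-script:/ {
            sub(/^[^:]*:[ \t]*/, "")              # drop the header name
            sub(/[ \t\r]+$/, "")                  # drop trailing whitespace / CR
            count[$0]++
        }
        END { for (v in count) print count[v] "\t" v }
    ' "$@" | sort -t "$(printf '\t')" -k1,1nr -k2,2
}

# Constructed sample messages (not real traffic).
sample_dir=$(mktemp -d)
printf 'To: a@example.org\nX-PHP-Originating-Script: 1001:contact.php\n\nhello\n' \
    > "$sample_dir/m1"
printf 'To: b@example.org\nX-PHP-Originating-Script: 1002:cache.php\n\nbuy now\n' \
    > "$sample_dir/m2"
# CRLF line endings, lower-case header name, and a body that quotes the header:
printf 'To: c@example.org\nx-php-originating-script: 1002:cache.php\r\n\r\nX-PHP-Originating-Script: 9:body.php\n' \
    > "$sample_dir/m3"

# Output is "<count><TAB><uid>:<script>", busiest script first.
result=$(tally_php_senders "$sample_dir"/m*)
printf '%s\n' "$result"
rm -rf "$sample_dir"
```

Only the header block of each file is read, so a message body that merely quotes the header name does not inflate the count.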