From ezlinuxadmin.com
Track what PHP script sent an email on your cPanel server
There is a patch available from choon.net which forces PHP scripts to store the script name and location in the mail headers when using the mail() function. The below instructions will give you the details needed to add this patch to your cPanel server:
1) Log into the server as root via ssh or the console.
Run PHP Code:
mkdir -p /var/cpanel/buildapache/scripts
Create a file called phppost using a text editor like vim and add the following lines:
PHP Code:
#AUTO PATCH FROM http://choon.net/php-mail-header.php
PHPVER=`find -type d -iname "php-*"|sed "s/.///g"`
wget http://choon.net/opensource/php/$PHPVER-mail-header.patch
patch -p0 < $PHPVER-mail-header.patch
Save and quit that file.
Run PHP Code:
/scripts/easyapache
and now the patch will be automatically applied.
When you receive spam complaints you will now be able to look at the headers of the message and view what script and site these came from. This is extremely useful because PHP runs as nobody unless phpsuexec is enabled and in a virtual environment it can be difficult trying to track down the broken script!