I was fixing a website that was under attack.
I saw that some hacker put his e-mail address into the code to send credit card information to himself.
I obviously removed that e-mail address.
But, just to be sure, is there a way I can check what e-mails actually are getting sent from the server / the application?
E.g. is there an outbox folder or some history log of what e-mails are getting sent?
The code base is huge and it would take a long time to figure out whether all the places where e-mails are getting sent are not infected.
sendmail (or similar MTAs) will, by default, log transactions so you can see who was emailed when. But it's highly unlikely that actual copies of email content will ever be logged anywhere in a web server environment.
On CentOS/RHEL, sendmail logs will be in /var/log/maillog.
I would at least find all instances of mail( in your code project through something as simple as Sublime to ensure you check everything ... although I find it unlikely that this is a single injection vulnerability in a mail form or similar.
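As an added example (not part of the original answer), the maillog check described above can be scripted: this parser pairs sendmail's `from=` and `to=` log entries by queue ID and lists every recipient outside the domains the application is expected to mail. The log lines are constructed samples in sendmail's usual syslog format, and the function names and the `expected_domains` allow-list are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in sendmail's syslog format (not from a real server).
SAMPLE_LOG = """\
Jan 12 03:14:07 web01 sendmail[2211]: u0C3E7aa002211: from=apache, size=812, class=0, nrcpts=1, msgid=<1@web01.example.com>, relay=apache@localhost
Jan 12 03:14:08 web01 sendmail[2213]: u0C3E7aa002211: to=<orders@example.com>, ctladdr=apache (48/48), delay=00:00:01, mailer=esmtp, pri=30812, relay=mx.example.com. [192.0.2.10], dsn=2.0.0, stat=Sent (OK)
Jan 12 03:15:40 web01 sendmail[2290]: u0C3FeBB002290: from=apache, size=934, class=0, nrcpts=2, msgid=<2@web01.example.com>, relay=apache@localhost
Jan 12 03:15:41 web01 sendmail[2292]: u0C3FeBB002290: to=<orders@example.com>,<dropbox@mailer.invalid>, ctladdr=apache (48/48), delay=00:00:01, mailer=esmtp, pri=60934, relay=mx.example.com. [192.0.2.10], dsn=2.0.0, stat=Sent (OK)
"""

LINE = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<rest>.*)")
FROM = re.compile(r"^from=(?P<sender>[^,]+),")
# Multiple recipients are comma-separated with no space; ", " ends the field.
TO = re.compile(r"^to=(?P<rcpts>\S+),\s.*\bstat=(?P<stat>[^,(]+)")


def recipients_by_message(log_text):
    """Return {queue_id: {"sender": str, "rcpts": [(addr, stat), ...]}}."""
    msgs = defaultdict(lambda: {"sender": None, "rcpts": []})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a sendmail transaction line
        qid, rest = m.group("qid"), m.group("rest")
        if (f := FROM.match(rest)):
            msgs[qid]["sender"] = f.group("sender").strip("<>")
        elif (t := TO.match(rest)):
            stat = t.group("stat").strip()
            for addr in t.group("rcpts").split(","):
                msgs[qid]["rcpts"].append((addr.strip("<>").lower(), stat))
    return dict(msgs)


def unexpected_recipients(log_text, expected_domains):
    """List (queue_id, sender, address, status) for recipients whose domain
    is not in expected_domains (hypothetical allow-list you maintain)."""
    hits = []
    for qid, msg in recipients_by_message(log_text).items():
        for addr, stat in msg["rcpts"]:
            if addr.rpartition("@")[2] not in expected_domains:
                hits.append((qid, msg["sender"], addr, stat))
    return hits


if __name__ == "__main__":
    for hit in unexpected_recipients(SAMPLE_LOG, {"example.com"}):
        print(*hit, sep="\t")
```

Local recipients without an `@` (for example `root`) are reported too, since they match no allow-listed domain; rotated files such as older maillog copies need to be fed in separately.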