LinkBack URL
About LinkBacksHi all,
I have a user on one of my boxes sending out 10,000's of mail (I assume via php) from the user nobody. Is it possible to find out which account this is coming from or is there anything I can do to prevent it?
Thanks in advance,
Red.
User nobody sending mail - Which account is it?
Hi all,
I have a user on one of my boxes sending out 10,000's of mail (I assume via php) from the user nobody. Is it possible to find out which account this is coming from or is there anything I can do to prevent it?
Thanks in advance,
Red.
Try the "View Relayers" function in WHM.
Thanks for the quick response.
I've had a look at that along with the mail stats and it only tells me the user nobody.
Red.
If you enable phpsuexec you will easily be able to tell which account is responsible for sending mail as mail is no longer sent out from nobody@hostname.com and is sent instead from relevantuser@hostname.com.
Couple this with checking the option in WHM to prevent the nobody user from sending mail and you're sorted.
This will allow you to tell which account is responisble for sending mail from the point phpsuexec is enabled and onwards, but not before. If you can put up with not knowing who has sent mail as nobody in the past, then that's OK. If not, keep searching the forum as methods have been discussed previously.
Is there any reason why you haven't enabled phpsuexec?
Take a look at the mail queue, that many messages is going to backup the system. You likely have a new account setup in the last week or so, likely with a stolen credit card and they are just using the account to spam. The ones we have caught are done thru php scripts that are run thru a web page and left to run unatteneded.
Reply With Quote