The Community Forums

Interact with an entire community of cPanel & WHM users!

emergency, need to disallow nobody@servername.com sends

Discussion in 'General Discussion' started by jols, Feb 22, 2006.

  1. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    2
    Trophy Points:
    38
    Got kind of an emergency here. We've got some kind of mailer scripts broadcasting spam with nobody@servername.com (of course our "servername") in the reply-to/return-path.

    How can I set up exim to where nobody@ sends are disallowed?
     
  2. webignition

    webignition Well-Known Member

    Joined:
    Jan 22, 2005
    Messages:
    1,880
    Likes Received:
    0
    Trophy Points:
    36
    Go to WHM > Tweak Settings and check "Prevent the user 'nobody' from sending out mail to remote addresses (php and cgi scripts generally run as nobody if you are not using phpsuexec and suexec respectively.)"
     
  3. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    Joined:
    May 29, 2004
    Messages:
    2,222
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Minneapolis, MN
    There are cases where spammers still can send out their SPAM despite the fact that Phpsuexec and suexec are enabled. Finding the culprit and either suspending or deleting them is the best solution. That's what we did with several clients of ours with the same problem.
     
  4. jols

    jols Well-Known Member

    I've selected Prevent the user 'nobody' from sending out... but the nobody@ email is still being queued. Is this normal?
     
  5. jols

    jols Well-Known Member

    I've also included log_selector = +all in the Exim config, but I'll be danged if I can find how this spam is being sent through our server. In the past it has been the result of some php or pl or cgi emailer.

    Does anyone have any tips on how to track this one down?
     
  6. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    Still is. A spammer is using one of the scripts on your server to deliver their SPAM.

    It could be more than just one.
     
  7. jols

    jols Well-Known Member

    Granted. But the question about how to track this down remains. Any tricks you could offer?
     
  8. MattGetWeb

    MattGetWeb Well-Known Member

    Joined:
    Aug 4, 2005
    Messages:
    49
    Likes Received:
    0
    Trophy Points:
    6
    grep '"POST ' /usr/local/apache/domlogs/*

    Look for something getting hit a lot. Most contactus/feedback forms will have a few hits a day. When it is getting hit every few minutes..
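
The domlogs check suggested above, taken one step further, as an added example that is not part of the original thread: instead of reading raw grep output, it ranks POST targets per domain log and then breaks one target down by client IP. The function names and the sample log lines are constructed for illustration, and the logs are assumed to be in Apache common/combined format.

```shell
#!/bin/sh
# Added example: rank POSTed URLs across per-domain Apache access logs.
# Assumed line format: IP - - [time zone] "METHOD path proto" status size ...

# top_post_targets DIR [N]: print "count logfile path" for the N busiest POST targets.
top_post_targets() {
    awk '
        $6 == "\"POST" {                       # $6 is the quoted method
            f = FILENAME; sub(/.*\//, "", f)   # log file name identifies the domain
            p = $7; sub(/\?.*/, "", p)         # ignore the query string
            hits[f " " p]++
        }
        END { for (k in hits) print hits[k], k }
    ' "$1"/* | sort -k1,1nr -k2 | head -n "${2:-10}"
}

# post_clients FILE PATH: count POSTs to one path per client IP.
post_clients() {
    awk -v want="$2" '
        $6 == "\"POST" { p = $7; sub(/\?.*/, "", p); if (p == want) ip[$1]++ }
        END { for (k in ip) print ip[k], k }
    ' "$1" | sort -k1,1nr -k2
}

# make_sample_logs: build constructed logs in a temp dir and print its path.
make_sample_logs() {
    d=$(mktemp -d)
    ts='[22/Feb/2006:10:00:00 -0600]'
    {
        i=0
        while [ "$i" -lt 40 ]; do              # a form hit over and over by two clients
            echo "203.0.113.$((i % 2 + 5)) - - $ts \"POST /feedback.php HTTP/1.0\" 200 512"
            i=$((i + 1))
        done
        echo "198.51.100.7 - - $ts \"POST /contact.php HTTP/1.1\" 200 300"
        echo "198.51.100.8 - - $ts \"POST /contact.php?ref=home HTTP/1.1\" 200 300"
        echo "198.51.100.7 - - $ts \"GET /index.html HTTP/1.1\" 200 1024"
    } > "$d/example.com"
    for ip in 192.0.2.1 192.0.2.2 192.0.2.3; do
        echo "$ip - - $ts \"POST /contact.php HTTP/1.1\" 200 300"
    done > "$d/other.example"
    echo "$d"
}

# Demo on the constructed logs; on a real server pass the domlogs directory instead.
demo_dir=$(make_sample_logs)
top_post_targets "$demo_dir" 5
post_clients "$demo_dir/example.com" /feedback.php
rm -rf "$demo_dir"
```

A script that tops the first list by a wide margin, with only a handful of client IPs behind it in the second, is the one to inspect first.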
     