The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

how can i check which script is send mail?

Discussion in 'E-mail Discussions' started by meeti, Dec 29, 2007.

  1. meeti

    meeti Well-Known Member

    Joined:
    Dec 25, 2007
    Messages:
    119
    Likes Received:
    0
    Trophy Points:
    16
    Hi,


    i use "top" to find some account waste a lot of cpu resource,

    it shows with "spamd" on the command column.


    i think it may because certain script ( form ) of the account is been used for spam,

    i need to find which and where the form script is,

    who can teach me how to find it?



    thanks
     
  2. xerophyte

    xerophyte Well-Known Member

    Joined:
    Mar 16, 2003
    Messages:
    216
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Canada
    increase the exim logging for subject and script locations

    Code:
    log_selector = +arguments +delivery_size +subject
    
    use the whm exim advance editor and put in the first text box
     
  3. meeti

    meeti Well-Known Member

    Joined:
    Dec 25, 2007
    Messages:
    119
    Likes Received:
    0
    Trophy Points:
    16

    Hi,


    after i add those code,

    where can i check the record of the sending?


    Thanks
     
  4. RickG

    RickG Well-Known Member

    Joined:
    Feb 28, 2005
    Messages:
    238
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    North Carolina
    Look in /var/log/exim_mainlog
     
  5. meeti

    meeti Well-Known Member

    Joined:
    Dec 25, 2007
    Messages:
    119
    Likes Received:
    0
    Trophy Points:
    16
    Hi,RickG,

    thsnks :)
     
  6. draculinos

    draculinos Member

    Joined:
    Oct 2, 2006
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    I have the same problem but I cant see with this code adding there the location of the script are sending the spam emails .

    Any other help please?
     
  7. draculinos

    draculinos Member

    Joined:
    Oct 2, 2006
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Any help please?
    Is there any other way to trace the script?

    Thanks
     
  8. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    In the logs you should be able to discern which user is sending the mail. If you see it as nobody I'd recommend implementing SuExec and SuPHP to ensure that all outgoing mail is sent as the user whose account that script resides in.
     
  9. meeti

    meeti Well-Known Member

    Joined:
    Dec 25, 2007
    Messages:
    119
    Likes Received:
    0
    Trophy Points:
    16
    Hi,


    when i ssh the server and use the command "top" to check,

    i find a lot of COMMAND "httpd" with USER "nobody",

    is possible that i make the nobody showing as which website ( account ) is been linking?




    thanks
     
  10. meeti

    meeti Well-Known Member

    Joined:
    Dec 25, 2007
    Messages:
    119
    Likes Received:
    0
    Trophy Points:
    16

    Hi,


    i install SuPHP,

    but the Main >> Email >> View Relayers still get some mail with nobody,

    how can i solve it?



    thanks
     
  11. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    If you have installed both SuPHP and SuExec, there shouldn't be a legit. reason for someone to send mail as nobody. So you can then go to WHM -> Server Configuration -> Tweak Settings and in the mail section, ensure the following setting is checked: Prevent the user "nobody" from sending out mail to remote addresses (PHP and CGI scripts generally run as nobody if you are not using PHPSuexec and Suexec respectively.) and then click save at the bottom of that page.
     
Loading...

Share This Page