how can i check which script is send mail?

meeti

Well-Known Member
Dec 25, 2007
119
0
66
Hi,


i use "top" to find some account waste a lot of cpu resource,

it shows with "spamd" on the command column.


i think it may because certain script ( form ) of the account is been used for spam,

i need to find which and where the form script is,

who can teach me how to find it?



thanks
 

meeti

Well-Known Member
Dec 25, 2007
119
0
66
increase the exim logging for subject and script locations

Code:
log_selector = +arguments +delivery_size +subject
use the whm exim advance editor and put in the first text box

Hi,


after i add those code,

where can i check the record of the sending?


Thanks
 

draculinos

Member
Oct 2, 2006
6
0
151
I have the same problem but I cant see with this code adding there the location of the script are sending the spam emails .

Any other help please?
 

cPanelDavidG

Technical Product Specialist
Nov 29, 2006
11,212
13
313
Houston, TX
cPanel Access Level
Root Administrator
Any help please?
Is there any other way to trace the script?

Thanks
In the logs you should be able to discern which user is sending the mail. If you see it as nobody I'd recommend implementing SuExec and SuPHP to ensure that all outgoing mail is sent as the user whose account that script resides in.
 

meeti

Well-Known Member
Dec 25, 2007
119
0
66
Hi,


when i ssh the server and use the command "top" to check,

i find a lot of COMMAND "httpd" with USER "nobody",

is possible that i make the nobody showing as which website ( account ) is been linking?




thanks
 

meeti

Well-Known Member
Dec 25, 2007
119
0
66
In the logs you should be able to discern which user is sending the mail. If you see it as nobody I'd recommend implementing SuExec and SuPHP to ensure that all outgoing mail is sent as the user whose account that script resides in.

Hi,


i install SuPHP,

but the Main >> Email >> View Relayers still get some mail with nobody,

how can i solve it?



thanks
 

cPanelDavidG

Technical Product Specialist
Nov 29, 2006
11,212
13
313
Houston, TX
cPanel Access Level
Root Administrator
Hi,


i install SuPHP,

but the Main >> Email >> View Relayers still get some mail with nobody,

how can i solve it?



thanks
If you have installed both SuPHP and SuExec, there shouldn't be a legit. reason for someone to send mail as nobody. So you can then go to WHM -> Server Configuration -> Tweak Settings and in the mail section, ensure the following setting is checked: Prevent the user "nobody" from sending out mail to remote addresses (PHP and CGI scripts generally run as nobody if you are not using PHPSuexec and Suexec respectively.) and then click save at the bottom of that page.