The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Many e-mails return to nobody's e-mail.

Discussion in 'E-mail Discussions' started by surachat, Jul 16, 2009.

  1. surachat

    surachat Member

    Joined:
    Feb 25, 2007
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    I got many e-mails to nobody's e-mail in my server more than 5.5k mails. I thinks it's abnormal. I'm newbie of Linux and WHM. Could anybody help me?


    Mail delivery failed: returning message to sender‏
    From: Mail Delivery System (Mailer-Daemon@alpha.bornitexpert.net)
    Sent: 16 July 2009 21:15:11
    To: nobody@alpha.bornitexpert.net
    This message was created automatically by mail delivery software.

    A message that you sent could not be delivered to one or more of its
    recipients. This is a permanent error. The following address(es) failed:

    qualitybuilt55@aol.com
    Mail sent by user nobody being discarded due to sender restrictions in WHM->Tweak Settings
    petgord34truew@tokyoshoes.com
    Mail sent by user nobody being discarded due to sender restrictions in WHM->Tweak Settings
    redheadcop@hotmail.com
    Mail sent by user nobody being discarded due to sender restrictions in WHM->Tweak Settings
    artiespecv@comcast.net
    Mail sent by user nobody being discarded due to sender restrictions in WHM->Tweak Settings
    paszzz@hotmail.com
    Mail sent by user nobody being discarded due to sender restrictions in WHM->Tweak Settings
    sxyblk45@yahoo.com
    Mail sent by user nobody being discarded due to sender restrictions in WHM->Tweak Settings
    alemurtinho@terra.com.br
    Mail sent by user nobody being discarded due to sender restrictions in WHM->Tweak Settings

    ------ This is a copy of the message, including all the headers. ------

    Return-path: <nobody@alpha.bornitexpert.net>
    Received: from nobody by alpha.bornitexpert.net with local (Exim 4.69)
    (envelope-from <nobody@alpha.bornitexpert.net>)
    id 1MRRfq-0000Pr-OP; Thu, 16 Jul 2009 21:11:02 +0700
    To: qualitybuilt55@aol.com,petgord34truew@tokyoshoes.com,redheadcop@hotmail.com,artiespecv@comcast.net,paszzz@hotmail.com,sxyblk45@yahoo.com,alemurtinho@terra.com.br
    Subject: GET UNFAILING VIRILITY (Tablets against impotence 5)
    From: sunshine37111@yahoo.com
    Reply-To: sunshine37111@yahoo.com
    Content-type: text/html; charset=iso-8859-5
    Message-Id: <E1MRRfq-0000Pr-OP@alpha.bornitexpert.net>
    Date: Thu, 16 Jul 2009 21:11:02 +0700


    <div align="center">
    <font size="5" color="#fa0210">
    <STRONG>For more restoration pleasure was able to get from us.</STRONG>
    <BR><BR>
    <a href="http://b1g.gratishost.com/interesting91/what/isnt43.html">THE TABS YOU ARE HERE </a>
    </font>
    </div>
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Those are likely bounced emails being sent out from a PHP script on a users web site on the server. If they are spam, then a PHP script has likely been compromised. You can track such emails back to a user directory within /home if you enable extended exim logging and then track subsequent emails sent out by looking for a corresponding cwd= entry in /var/log/exim_mainlog. More information here:
    ConfigServer Services - Searching for Spammers

    If that's not the issue, i.e. they are legitimate emails being sent out by PHP script, then it may well be that you have enabled the option WHM > Tweak Settings > Prevent the user "nobody" from sending out mail to remote addresses. That will obviously prevent those emails being sent and they will bounce back.
     
  3. Legin76

    Legin76 Well-Known Member

    Joined:
    Dec 11, 2007
    Messages:
    151
    Likes Received:
    1
    Trophy Points:
    18
    I'm getting this problem a too but am worried about changing "Prevent the user "nobody" from sending out mail to remote addresses" as its happening on multiple sites that have all been moved from ensim servers and I don't to stop them from sending emails and or have to deal with getting them to change their code.

    They are using different php scripts but one specifically us using the latest version of phpbb.

    Is there a way of making them go to the defaults account email address instead?
     
  4. Shyam Mohammed

    Joined:
    Jul 9, 2007
    Messages:
    23
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Ernakulam, Kerala, IN
    cPanel Access Level:
    Root Administrator
    Hello,

    You can enable suphp so that the mails will be sent as the user instead of nobody. Please note that enabling suphp may cause some compatibility issue with your sites, so consult your developer before switching the php handler. However it is encouraged to use suphp as it is a security module which will force the php scripts to run as users instead of the default apache user. You can give a try as you are free to switch back to DSO or CGI handler if your sites are having problem with suphp.
     
  5. Legin76

    Legin76 Well-Known Member

    Joined:
    Dec 11, 2007
    Messages:
    151
    Likes Received:
    1
    Trophy Points:
    18
    Thats fantastic..

    After changing it there have been a couple of small issues with sites.. The permissions of a folder and a form with a button with an onClick="submit()" that would not send.

    Which have all been easy to sort.

    Fingers crossed that will be it or if they are all as easy to fix as that it should be plain sailing.

    An excellent suggestion. Thank you.
     
Loading...

Share This Page