The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Modernbill installed on cPanel is sending out FORGED EMAIL?

Discussion in 'E-mail Discussions' started by sexy_guy, Apr 16, 2003.

  1. sexy_guy

    sexy_guy Well-Known Member

    Joined:
    Mar 19, 2003
    Messages:
    848
    Likes Received:
    0
    Trophy Points:
    16
    This is absolutely nuts. We have Modernbill installed on our Cpanel server. We send out billing notices to our clients daily, monthly to pay thier bills. I happen to send out an invoice from Moderbill to one of my contract customers that i do work for. Our email goes out as billing@domain.com. Guess what? While watching his sendmail i see this crap arriving to his email box on his server.

    Apr 16 22:55:37 my sendmail[15038]: h3H2tbt15038: from=<nobody@mydomain.com>, size=1542, class=0, nrcpts=1, msgid=<E195zv7-0006qq-00@my.domain.com>, proto=ESMTP, relay=root@localhost

    Look at our FROM!!! Its from nobody@mydomain.com? How is this possible?????

    And howabout this part?

    zv7-0006qq-00@mydomain.com>, proto=ESMTP, daemon=MTA, relay=mydomain.com [64.xxx.xx.xxx] (may be forged)


    MAYBE FORGED? How is this possbile? Please explain this to me. So all email sent from our billing system has been sent as nobody@ourdomain.com even though our address is billing@ourdomain.com? This is just ridiculous! Hows that for a professional appearance? I am pissed off as hell.

    I never thought in a million years that email is arriving at its destination as nobody???? I thought it was our real address.

    :mad: :mad: :mad: :mad:
     
    #1 sexy_guy, Apr 16, 2003
    Last edited: Apr 16, 2003
  2. FWC

    FWC Well-Known Member

    Joined:
    May 13, 2002
    Messages:
    354
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Ontario, Canada
    My exim_mainlog shows my MB email going from nobody@mydomain.com, too. But, I cc myself on all MB emails and it shows it's from me when I receive it.
     
  3. sexy_guy

    sexy_guy Well-Known Member

    Joined:
    Mar 19, 2003
    Messages:
    848
    Likes Received:
    0
    Trophy Points:
    16
    Really, have you asked you customer what it appears as? I would love to know the answer to this question because as soon as i can get a hold of my client i will ask him what the email FROM said. How could it be arriving in his email box as from NOBODY then mysertious change to From: billing@mydomain? Sendmail on his box doesnt just change it automatically. And how do you explain the FORGED part in the logs above?
     
  4. FWC

    FWC Well-Known Member

    Joined:
    May 13, 2002
    Messages:
    354
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Ontario, Canada
    Yes, they get the same thing as I do. The emails are from me, not nobody.
     
  5. Marty

    Marty Well-Known Member

    Joined:
    Oct 10, 2001
    Messages:
    630
    Likes Received:
    1
    Trophy Points:
    18
    The From header will show from you. It is the Return_Path header that is modified to the nobody@ address. This has been discussed way to many times on this forum. There is even a fix posted, but I am not sure I would use it. I am not sure it is secure. This is not a Modernbill or a Cpanel issue. The issue is that user "nobody" (a php script being executed by apache) is the user sending the mail. As far as Exim is concened, "nobody" is not a trusted user, so nobody is not allowed to rewrite the Return_Path header to someone other than himself.
     
  6. JohnT

    JohnT Registered

    Joined:
    Feb 15, 2002
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    The maybe forged part just means there is a disagreement between the reverse dns and forward dns it has nothing to do with the nobody@ issue which is a generic issue whenever a script sends out mail when its running under the webserver user
     
Loading...

Share This Page