Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

"nobody" sends spam - please help!

Discussion in 'General Discussion' started by netlook, Jan 8, 2005.

  1. netlook

    netlook Well-Known Member

    Joined:
    Mar 25, 2004
    Messages:
    335
    Likes Received:
    0
    Trophy Points:
    166
    Hello,

    Is there any way to get know who send spam from my server?
    It was send by "nobody at myhostname.com".

    I have a date and mail ID.

    Please help,
    Tom
     
  2. dalem

    dalem Well-Known Member
    PartnerNOC

    Joined:
    Oct 24, 2003
    Messages:
    2,772
    Likes Received:
    92
    Trophy Points:
    353
    Location:
    SLC
    cPanel Access Level:
    DataCenter Provider
    use "phpsuexec" it will put a user to all mail scripts that run in php & cgi "username@myhostname.com


    Alot off server owners do not like using it becaue it causes problems but I have allways compiled apache with phpsuexec before adding any sites to a server and it has always worked well for me and i have at least a half a dozen php/cgi scripts that run as nobody tthey all work fine
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. netlook

    netlook Well-Known Member

    Joined:
    Mar 25, 2004
    Messages:
    335
    Likes Received:
    0
    Trophy Points:
    166
    Ok, but if I would enable phpsuexec now no scripts would be work and it would be more difficult to explain each of my customers what to do.

    --

    But I've already know who sends spam.

    This is what I did:

    1. Add extended loging to exim.conf
    2. Tracked which script sends spam (before spam was generated it has cwd=/ track)

    User suspended, problem solved :p
     
  4. netlook

    netlook Well-Known Member

    Joined:
    Mar 25, 2004
    Messages:
    335
    Likes Received:
    0
    Trophy Points:
    166
    One more question:

    Is there any way to check does the outgoing mail have From: header added, that is pointing to domain which is listed in /etc/localdomains (but isn't a hostname)?

    Of course I'm still talking about PHP without suExec compiled.

    I want to able my users sending mails by PHP mail() function with minimized risk of sending SPAM.

    Thank you
     
  5. dalem

    dalem Well-Known Member
    PartnerNOC

    Joined:
    Oct 24, 2003
    Messages:
    2,772
    Likes Received:
    92
    Trophy Points:
    353
    Location:
    SLC
    cPanel Access Level:
    DataCenter Provider
    You would have to check them them all to make sure they work I would not expect your customers to fix this as this would be a problem you created. there are some suexec scripts in your scripts dirctory to fix things I do not know how well they work never had to use them


    You would just have to look through the access logs/mail logs tofind out who is doing what
    thats why I perfer using suexec its a time saver If somene thinks they feel the need to spam or get a insecure mail script uploaded its eaier to track it down


    have someone sending spam now?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. netlook

    netlook Well-Known Member

    Joined:
    Mar 25, 2004
    Messages:
    335
    Likes Received:
    0
    Trophy Points:
    166
    No, I have figured out who was sending spam.

    I only want to know is there any option I should put into exim.conf that will check nobody@hostname.com mails for header From: with /etc/localdomains listed domain.

    Thanks
     
  7. dalem

    dalem Well-Known Member
    PartnerNOC

    Joined:
    Oct 24, 2003
    Messages:
    2,772
    Likes Received:
    92
    Trophy Points:
    353
    Location:
    SLC
    cPanel Access Level:
    DataCenter Provider
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice