The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

"nobody" sends spam - please help!

Discussion in 'General Discussion' started by netlook, Jan 8, 2005.

  1. netlook

    netlook Well-Known Member
    PartnerNOC

    Joined:
    Mar 25, 2004
    Messages:
    335
    Likes Received:
    0
    Trophy Points:
    16
    Hello,

    Is there any way to get know who send spam from my server?
    It was send by "nobody at myhostname.com".

    I have a date and mail ID.

    Please help,
    Tom
     
  2. dalem

    dalem Well-Known Member
    PartnerNOC

    Joined:
    Oct 24, 2003
    Messages:
    2,577
    Likes Received:
    40
    Trophy Points:
    48
    Location:
    SLC
    cPanel Access Level:
    DataCenter Provider
    use "phpsuexec" it will put a user to all mail scripts that run in php & cgi "username@myhostname.com


    Alot off server owners do not like using it becaue it causes problems but I have allways compiled apache with phpsuexec before adding any sites to a server and it has always worked well for me and i have at least a half a dozen php/cgi scripts that run as nobody tthey all work fine
     
  3. netlook

    netlook Well-Known Member
    PartnerNOC

    Joined:
    Mar 25, 2004
    Messages:
    335
    Likes Received:
    0
    Trophy Points:
    16
    Ok, but if I would enable phpsuexec now no scripts would be work and it would be more difficult to explain each of my customers what to do.

    --

    But I've already know who sends spam.

    This is what I did:

    1. Add extended loging to exim.conf
    2. Tracked which script sends spam (before spam was generated it has cwd=/ track)

    User suspended, problem solved :p
     
  4. netlook

    netlook Well-Known Member
    PartnerNOC

    Joined:
    Mar 25, 2004
    Messages:
    335
    Likes Received:
    0
    Trophy Points:
    16
    One more question:

    Is there any way to check does the outgoing mail have From: header added, that is pointing to domain which is listed in /etc/localdomains (but isn't a hostname)?

    Of course I'm still talking about PHP without suExec compiled.

    I want to able my users sending mails by PHP mail() function with minimized risk of sending SPAM.

    Thank you
     
  5. dalem

    dalem Well-Known Member
    PartnerNOC

    Joined:
    Oct 24, 2003
    Messages:
    2,577
    Likes Received:
    40
    Trophy Points:
    48
    Location:
    SLC
    cPanel Access Level:
    DataCenter Provider
    You would have to check them them all to make sure they work I would not expect your customers to fix this as this would be a problem you created. there are some suexec scripts in your scripts dirctory to fix things I do not know how well they work never had to use them


    You would just have to look through the access logs/mail logs tofind out who is doing what
    thats why I perfer using suexec its a time saver If somene thinks they feel the need to spam or get a insecure mail script uploaded its eaier to track it down


    have someone sending spam now?
     
  6. netlook

    netlook Well-Known Member
    PartnerNOC

    Joined:
    Mar 25, 2004
    Messages:
    335
    Likes Received:
    0
    Trophy Points:
    16
    No, I have figured out who was sending spam.

    I only want to know is there any option I should put into exim.conf that will check nobody@hostname.com mails for header From: with /etc/localdomains listed domain.

    Thanks
     
  7. dalem

    dalem Well-Known Member
    PartnerNOC

    Joined:
    Oct 24, 2003
    Messages:
    2,577
    Likes Received:
    40
    Trophy Points:
    48
    Location:
    SLC
    cPanel Access Level:
    DataCenter Provider
Loading...

Share This Page