The Community Forums


Somebody is emailing from my server as NOBODY!

Discussion in 'E-mail Discussions' started by ozzi4648, Mar 14, 2003.

  1. ozzi4648

    ozzi4648 Guest

    Ok, well just another major bug to add to the literally 30 or 40.

    Somebody was sending out email from my server as nobody@srv08.primenet.cc with the option checked under Tweaks. How come?

    2003-03-14 21:51:59 18u4aM-0004tA-00 <= nobody@srv08.primenet.cc U=nobody P=local S=2171
    2003-03-14 21:52:00 18u4aM-0004tA-00 => wyatt@t2.net R=lookuphost T=remote_smtp H=helix.t2.net [216.174.158.107]
    2003-03-14 21:52:00 18u4aM-0004tA-00 Completed
    2003-03-14 21:52:04 18u4aS-0004tF-00 <= nobody@srv08.primenet.cc U=nobody P=local S=2189
    2003-03-14 21:52:05 18u4aS-0004tF-00 => Dyew@prodigy.net R=lookuphost T=remote_smtp H=mx1.prodigy.net [207.115.63.20]
    2003-03-14 21:52:05 18u4aS-0004tF-00 Completed
    2003-03-14 21:52:09 18u4aX-0004tH-00 <= nobody@srv08.primenet.cc U=nobody P=local S=2234
    2003-03-14 21:52:09 18u4aX-0004tH-00 => empireofnothing@hotmail.com R=lookuphost T=remote_smtp H=mx1.hotmail.com [65.54.252.99]
    2003-03-14 21:52:09 18u4aX-0004tH-00 Completed
    2003-03-14 21:52:14 18u4ac-0004tJ-00 <= nobody@srv08.primenet.cc U=nobody P=local S=2202
    2003-03-14 21:52:14 18u4ac-0004tJ-00 => mattman917@yahoo.com R=lookuphost T=remote_smtp H=mx2.mail.yahoo.com [64.156.215.5]
    2003-03-14 21:52:14 18u4ac-0004tJ-00 Completed
    2003-03-14 21:52:19 18u4ah-0004tL-00 <= nobody@srv08.primenet.cc U=nobody P=local S=2187
    2003-03-14 21:52:19 18u4ah-0004tL-00 => rob1150@infi.net R=lookuphost T=remote_smtp H=mx04.mindspring.com [207.69.200.198]
    2003-03-14 21:52:19 18u4ah-0004tL-00 Completed
    2003-03-14 21:52:24 18u4am-0004tN-00 <= nobody@srv08.primenet.cc U=nobody P=local S=2209
    2003-03-14 21:52:27 18u4am-0004tN-00 => YellaFella215@aol.com R=lookuphost T=remote_smtp H=mailin-03.mx.aol.com [64.12.136.249]
    2003-03-14 21:52:27 18u4am-0004tN-00 Completed
    2003-03-14 21:52:29 18u4ar-0004tP-00 <= nobody@srv08.primenet.cc U=nobody P=local S=2208
    2003-03-14 21:52:31 18u4at-0004tE-00 <= price@escriptions.friends.snappi.net H=(smtp61.gooberfoob.com) [66.101.183.61] P=smtp S=6815 id=1047708163.8306@smtp61.gooberfoob.com
    2003-03-14 21:52:32 18u4at-0004tE-00 => fairy <fairy@poetsmind.com> D=virtual_sa_user T=virtual_sa_userdelivery
    2003-03-14 21:52:32 18u4at-0004tE-00 Completed
    2003-03-14 21:52:34 18u4aw-0004tX-00 <= nobody@srv08.primenet.cc U=nobody P=local S=2205
    2003-03-14 21:52:34 18u4aw-0004tX-00 ohio.mgw.rr.com [65.32.1.49]: Connection refused
    2003-03-14 21:52:37 18u4aw-0004tX-00 => mtellep@cinci.rr.com R=lookuphost T=remote_smtp H=ohio.mgw.rr.com [24.29.99.40]
    2003-03-14 21:52:37 18u4aw-0004tX-00 Completed
    2003-03-14 21:52:39 18u4b1-0004ta-00 <= nobody@srv08.primenet.cc U=nobody P=local S=2198
    2003-03-14 21:52:39 18u4b1-0004ta-00 => Joseph10786@aol.com R=lookuphost T=remote_smtp H=mailin-03.mx.aol.com [64.12.136.249

    See for yourself!
     
  2. zex

    zex Well-Known Member

    All scripts and web forms for sending e-mail are actually sending mail as user nobody. If someone is using your server as a relay for spamming, then some of your customers have a badly configured formmail.pl script which allows spammers to send a bunch of mails.
    Check for the existence of the formmail.pl script on your server:
    find /home -name formmail.pl -print
     
  3. ozzi4648

    ozzi4648 Guest

    I have identified the user, who is supposedly running a legit business; however, what I don't like seeing is email going out as nobody@myhost.com and powerful@myhost.com. There are no such users on the board. This user does not have an email account called powerful@hisdomin.com. He has sent out 1700 emails between 9 and 10pm. Some of his mail got stuck in the queue so I was able to find out who it is.

    Anyone know how I can ban the user from sending out email using exim? Removing his MX record is good enough I suppose.

    And on a server with 260 sites, executing that command would just bog down the server.
     
    #3 ozzi4648, Mar 15, 2003
    Last edited by a moderator: Mar 15, 2003
  4. FWC

    FWC Well-Known Member

    Stuck mail can be your best friend at times. It's how I've caught a few people trying to spam. Nothing like one of them getting your main server IP on spam lists. Great fun... :mad:
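
The log excerpt in the first post shows the pattern to look for: arrival lines (`<=`) with `P=local` and a `U=` user, followed by `remote_smtp` deliveries for the same message id. As an added example (not part of any post in this thread), the following Python sketch summarizes that pattern from an Exim main log without scanning every home directory. The sample lines, the function names and the per-minute threshold are assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the same Exim main-log format as the excerpt above
# (hosts and addresses are placeholders, not taken from the thread).
SAMPLE_LOG = """\
2003-03-14 21:51:59 18u4aM-0004tA-00 <= nobody@host.example U=nobody P=local S=2171
2003-03-14 21:52:00 18u4aM-0004tA-00 => a@dest1.example R=lookuphost T=remote_smtp H=mx.dest1.example [192.0.2.10]
2003-03-14 21:52:00 18u4aM-0004tA-00 Completed
2003-03-14 21:52:04 18u4aS-0004tF-00 <= nobody@host.example U=nobody P=local S=2189
2003-03-14 21:52:05 18u4aS-0004tF-00 => b@dest2.example R=lookuphost T=remote_smtp H=mx.dest2.example [192.0.2.20]
2003-03-14 21:52:09 18u4aX-0004tH-00 <= nobody@host.example U=nobody P=local S=2234
2003-03-14 21:52:09 18u4aX-0004tH-00 => c@dest3.example R=lookuphost T=remote_smtp H=mx.dest3.example [192.0.2.30]
2003-03-14 21:52:31 18u4at-0004tE-00 <= x@remote.example H=(smtp.remote.example) [198.51.100.61] P=smtp S=6815
2003-03-14 21:52:32 18u4at-0004tE-00 => fairy <fairy@local.example> D=virtual_sa_user T=virtual_sa_userdelivery
2003-03-14 21:53:02 18u4b9-0004tc-00 <= alice@host.example U=alice P=local S=900
"""

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d):\d\d (\S+) (<=|=>) (.*)$")

def summarize(log_text):
    """Per local user (U=): message count, busiest minute, remote recipient domains."""
    owner = {}                                  # message id -> submitting local user
    stats = defaultdict(lambda: {"msgs": 0, "per_min": Counter(), "domains": set()})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue                            # "Completed", retry notices, etc.
        minute, msgid, direction, rest = m.groups()
        if direction == "<=":
            user = re.search(r"\bU=(\S+)", rest)
            if user and re.search(r"\bP=local\b", rest):  # submitted locally, not over the network
                owner[msgid] = user.group(1)
                stats[user.group(1)]["msgs"] += 1
                stats[user.group(1)]["per_min"][minute] += 1
        elif msgid in owner and "T=remote_smtp" in rest:
            addr = re.search(r"[^\s<>]+@([^\s<>]+)", rest)
            if addr:
                stats[owner[msgid]]["domains"].add(addr.group(1).lower())
    return {u: {"msgs": s["msgs"], "peak_per_min": max(s["per_min"].values()),
                "domains": sorted(s["domains"])} for u, s in stats.items()}

def flag(summary, max_per_min=1):
    """Local users whose busiest minute exceeds the threshold (threshold is an assumption)."""
    return sorted(u for u, s in summary.items() if s["peak_per_min"] > max_per_min)

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(report, "flagged:", flag(report))
```

A flag on `nobody` only says that some web script is sending at that rate; which account owns the script still has to come from the queued message itself, as described in the posts above.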
     