The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

stop email from local

Discussion in 'E-mail Discussions' started by gavcom, Mar 5, 2015.

  1. gavcom

    gavcom Member

    Joined:
    Mar 4, 2015
    Messages:
    10
    Likes Received:
    2
    Trophy Points:
    3
    cPanel Access Level:
    Root Administrator
    Hi all

    Got a bit of a strange one, i recently saw something being uploaded to one of my accounts, its a php script that sends out mail via my local server name. the only reason i caught this is because of my firewall which alearts me
    of relayed email that go over 100 with in an hour.

    1. i already removed any and all FTP accounts even changed the root pw for that account
    2. the file in question "llm.php" still manages to find its way back
    3. ive set a cronjob to delete that file every 1min, but i dont want this
    4. ive tried to grep every log i can find but i cant find the culprint

    a. how can i stop sending from my local domain server or at least make sure its authenticated and or allowed to send from the local domain name, im running a shared server btw that i have root access to and manage
    b. is there a central log somewhere i havent seen that records any uploaded files to the dif accounts

    im running latest
    cpanel 11.48.1 build 2
    apache 2.2 -recommended by cpanel
    php 5.4 -recommended by cpanel

    thanks a bunch, really need a solution to this as that script managed to send out nearly 5000 emails... of crap and im now trying to remove my self from outlook.com blacklist
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    648
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    For PHP scripts, you could add "mail" to the disable_functions line in your PHP configuration file. The following document may also be helpful:

    How To Prevent Email Abuse

    Thank you.
     
  3. gavcom

    gavcom Member

    Joined:
    Mar 4, 2015
    Messages:
    10
    Likes Received:
    2
    Trophy Points:
    3
    cPanel Access Level:
    Root Administrator
    Hi i dont want to add MAIL to php there are alot of other sites legit that need it, i just want to stop a php from sending from my local server name eg x@localserver.co.za were x is the name of the account that has the php script loaded. i want them to send from x@x.co.za force-ably...
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    648
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    The default behavior of Exim is to use the cPanel username and hostname of the server to construct the envelope-sender address. If you can configure the mailer to use SMTP and authenticate with SMTP AUTH, this will set the correct "Return-Path" in the headers. There are no options to circumvent this unless you prevent users from sending out via PHP. You can add an individual php.ini to the account (assuming you are using suPHP) to ensure that only this account is blocked from sending out email through PHP, and that other accounts on your server are still permitted to do so.

    Thank you.
     
  5. gavcom

    gavcom Member

    Joined:
    Mar 4, 2015
    Messages:
    10
    Likes Received:
    2
    Trophy Points:
    3
    cPanel Access Level:
    Root Administrator
    1. hmm what if like the offending script they delete the php.ini and continue to send mail out
    2. inside the php.ini i just put in exclude mail or do i have to have a complete php.ini
    3. where do i put the php.ini /home/public_html ? or just /home

    thanks for the help
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    648
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
Loading...

Share This Page