The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

tracking mails originating user "nobody"

Discussion in 'E-mail Discussions' started by mohit, Aug 12, 2005.

  1. mohit

    mohit Well-Known Member

    Joined:
    Jul 12, 2005
    Messages:
    553
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Sticky On Internet
    any ideas or link where i can find info on how to tracke-mails which are sent from "nobody" id of the server.

    Recently i saw a increase in mails sent from user nobody in "View relayers".

    Thanks in advance.
    Mohit
     
  2. challii

    challii Well-Known Member

    Joined:
    Feb 3, 2004
    Messages:
    98
    Likes Received:
    0
    Trophy Points:
    6
    In the first bog of the advanced exim configurator put on a seperate lin
    Code:
    log_selector = +all
    then in SSH tail -f /var/log/exim_mainlog and you can see which directory the email is originating from.
     
  3. erik@delphi

    erik@delphi Well-Known Member

    Joined:
    Jul 9, 2005
    Messages:
    78
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Belgium
    hi,

    here is a link to a howto about tracking PHP "nobody" spammers hope it helps you ;)
     
  4. shashank

    shashank Well-Known Member
    PartnerNOC

    Joined:
    Apr 12, 2003
    Messages:
    159
    Likes Received:
    1
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    log_selector = +all

    is be better fix from all of them surely.
     
  5. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    They're both good ways to track it down. The extended logs don't always give you the information you need, whereas the substitute sendmail binary can often identify the actual script involved, though it too has its drawbacks.
     
  6. GordonH

    GordonH Well-Known Member

    Joined:
    Sep 6, 2001
    Messages:
    104
    Likes Received:
    0
    Trophy Points:
    16
    A significant problem is scripts that create other scripts which send mail as user nobody and then delete themselves.
    phpexec fixes this and I have been pleasantly surprised by how few problems it has caused to users.

    Worth considering....

    On a similar note we use mod_security to prevent calling of URLs with character substitutions in them, such as used by phishers and spamnmers to upload via image gallery scripts.
     
  7. mohit

    mohit Well-Known Member

    Joined:
    Jul 12, 2005
    Messages:
    553
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Sticky On Internet
    Hi,
    how many of server owners Keep it restricted for their clients to use php mail script to send mails.

    Is there any way of allowing just few domains to be able to send mails from php scripts.

    how do i install "phpexec" and will i need to ask my clients to change codes for php form scripts which work only when nobody user is allowed. they are currently not able to get registration details, feedbacks, forms not getting processed.

    See ya,
    mohit
     
  8. linux-image

    linux-image Well-Known Member

    Joined:
    Jun 8, 2004
    Messages:
    1,192
    Likes Received:
    1
    Trophy Points:
    38
    Location:
    India
    cPanel Access Level:
    Root Administrator
    you will have to do it via easyapache. enabling this will make run php scripts with the individual users
     
Loading...

Share This Page