
Tracking Spammers with UID

Discussion in 'General Discussion' started by bmcpanel, Aug 3, 2003.

  1. bmcpanel

    bmcpanel Well-Known Member

    It seems EXIM puts an anti-abuse header in the emails sent from the server. One line of the anti-abuse header reads as follows:

    Originator/Caller UID/GID - [99 99] / [47 12]


    I am not familiar with UID/GID. Can I use that UID/GID info to find the person on my server who sends the email? If so, what would be the shell command?

    Thanks for any help.

     
  2. hostultra

    hostultra Well-Known Member

    You're screwed.
    99 is apache (PHP script), there's no way you can trace that to a user.

    You need to enable phpsuexec and then disable "nobody" from sending mail.

    You could open /etc/passwd and search for the number in there to match it to a username.
    I'm sure there's an easier way, I just can't think of it right now.

    Not sure what [47 12] is, probably the mail software (exim), it's too small a number to be a hosting account.
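
The /etc/passwd lookup suggested in the reply above, as an added example that is not part of the original thread: it pulls the UID/GID pairs out of the anti-abuse header and resolves each number to an account or group name. It assumes the first bracket pair is the originator's "uid gid" and the second the caller's; the function names and the passwd, group and header lines in `demo` are constructed for illustration.

```shell
#!/bin/sh
# Added example: resolve the UID/GID pairs from Exim's anti-abuse header to names.
# Assumption: first bracket = originator "uid gid", second = caller "uid gid".

# id_to_name FILE ID: print the name whose numeric id (field 3) equals ID.
# Works for passwd- and group-format files; prints "unknown" if nothing matches.
id_to_name() {
    awk -F: -v id="$2" '$3 == id { print $1; found = 1; exit }
                        END { if (!found) print "unknown" }' "$1"
}

# resolve_antiabuse [PASSWD_FILE] [GROUP_FILE]: read message headers on stdin and
# print one line per anti-abuse UID/GID header, with each id mapped to a name.
resolve_antiabuse() {
    passwd_file="${1:-/etc/passwd}"
    group_file="${2:-/etc/group}"
    n='\([0-9][0-9]*\)'   # one captured decimal number
    sed -n "s|.*Originator/Caller UID/GID - \[$n $n\] / \[$n $n\].*|\1 \2 \3 \4|p" |
    while read -r ouid ogid cuid cgid; do
        printf 'originator=%s(%s):%s(%s) caller=%s(%s):%s(%s)\n' \
            "$(id_to_name "$passwd_file" "$ouid")" "$ouid" \
            "$(id_to_name "$group_file" "$ogid")" "$ogid" \
            "$(id_to_name "$passwd_file" "$cuid")" "$cuid" \
            "$(id_to_name "$group_file" "$cgid")" "$cgid"
    done
}

# demo: run the resolver on constructed data (not taken from a real server).
demo() {
    tmp=$(mktemp -d)
    printf '%s\n' 'mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin' \
                  'nobody:x:99:99:Nobody:/:/sbin/nologin' \
                  'exampleuser:x:32010:32012::/home/exampleuser:/bin/bash' > "$tmp/passwd"
    printf '%s\n' 'mail:x:12:' 'nobody:x:99:' 'exampleuser:x:32012:' > "$tmp/group"
    printf '%s\n' 'Received: from nobody by server.example.com with local (Exim 4.24)' \
                  'X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]' \
                  'X-AntiAbuse: Originator/Caller UID/GID - [32010 32012] / [47 12]' \
                  'Subject: constructed test message' |
        resolve_antiabuse "$tmp/passwd" "$tmp/group"
    rm -rf "$tmp"
}

demo
```

On a live server, pipe a saved message into `resolve_antiabuse` with no arguments to use /etc/passwd and /etc/group. A result of `nobody` for the originator only identifies the web server account, not the hosting account whose script sent the mail.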
     
  3. bmcpanel

    bmcpanel Well-Known Member

    Thanks for the info.

     
  4. AlexAT

    AlexAT Well-Known Member
    PartnerNOC

    I have such a situation.
    I have enabled phpsuexec and disabled this checkbox.
    But when I sent emails, they were delivered with the following in the headers: "Received: from nobody by ServerName with local (Exim 4.24)".


    Could you please help with how I can set it up to have the proper account name and not "nobody"?
     
  5. kris1351

    kris1351 Well-Known Member

    There is a commercial product out there called MailMon which helps on this. We have had hit and miss on it as the pricks get smarter than the script, but you can at least see high activity php scripts. Also, the makers of FMReport have a mail monitoring script out there for normal mail which helps a lot also.
     