
user 'cpanel' as the relayer?

Discussion in 'General Discussion' started by jacksony, Jan 16, 2006.

  1. jacksony

    Hi, I notice user 'cpanel' as the relayer for a number of email addresses from my server's clients. Does anyone have any idea what these clients could be relaying through the cpanel user?

    I need to take precautions against possible spam. Thank you!
     
  2. davidC

    Sorry, this is over a month old.
    I just noticed this too (haven't looked at it in over a month)
     
  3. astopy

    Ok, don't know if this is related, but I've just cleaned a load of spam out of my mail queue with the following headers:

    Code:
    1FCiky-0005Ns-9T-H
    cpanel 32001 32003
    <corre1000spond@msn.com>
    1140809856 0
    -ident cpanel
    -received_protocol local
    -body_linecount 74
    -auth_id cpanel
    -auth_sender cpanel@one.valcatohosting.com
    -allow_unqualified_recipient
    -allow_unqualified_sender
    -local
    -sender_set_untrusted
    (hundreds of recipients)
    125P Received: from cpanel by one.valcatohosting.com with local (Exim 4.52)
    	id 1FCiky-0005Ns-9T; Fri, 24 Feb 2006 19:37:36 +0000
    130P Received: from 127.0.0.1 ([127.0.0.1]) by one.valcatohosting.com (Horde
    	MIME library) with HTTP; Fri, 24 Feb 2006 19:33:08 +0000
    069I Message-ID: <20060224193308.dgzbartwjyg4kwgw@one.valcatohosting.com>
    038  Date: Fri, 24 Feb 2006 19:33:08 +0000
    052  Disposition-Notification-To: corre1000spond@msn.com
    045  X-Confirm-Reading-To: corre1000spond@msn.com
    011  X-PMRQC: 1
    042  Return-Receipt-To: corre1000spond@msn.com
    049F From: "Mary Kobe (Mrs)" <corre1000spond@msn.com>
    029T To: undisclosed-recipients:;
    044  Subject: Dear Friend, pls read and respond.
    018  MIME-Version: 1.0
    046  Content-Type: text/plain;
    	charset=ISO-8859-1
    028  Content-Disposition: inline
    032  Content-Transfer-Encoding: 7bit
    056  User-Agent: Internet Messaging Program (IMP) H3 (4.0.3)
     
  4. astopy

    And these are still being added to my queue. To be honest, I'm starting to panic.
     
  5. astopy

    Panic over :)

    After identifying the processes sending the mail (by looking in top), I took a look in /proc/<pid>/environ and managed to identify the account sending them (a new signup from two days ago). These were being sent via Horde; it would be nice if the mail headers actually reflected the originating account rather than listing cPanel.
     
  6. davidC

    all that in 7 minutes ;p
     
  7. astopy

    Thinking about it, I probably would've sorted it out quicker had I not bothered posting here :) Ah well.
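
An added example, not part of any post in this thread: a small parser for the Exim `-H` spool header format shown in the dump above, used to flag queued mail that was submitted locally through Horde over HTTP and fans out to many recipients. The sample message, the function names and the `max_rcpts` threshold are constructed for illustration; the `XX` line and the recipient count line follow Exim's spool file layout, which the dump replaced with "(hundreds of recipients)".

```python
def spool_hdr(flag, text):
    """Build one header entry: 3-digit length (incl. newline), flag, space, text."""
    return f"{len(text) + 1:03d}{flag} {text}\n"

# Constructed sample modelled on the dump in the thread; all values are made up.
SAMPLE = (
    "1AAAAA-000001-AA-H\ncpanel 32001 32003\n<sender@example.com>\n1140809856 0\n"
    "-ident cpanel\n-received_protocol local\n-auth_id cpanel\n-local\n"
    "XX\n3\na@example.net\nb@example.net\nc@example.net\n\n"
    + spool_hdr("P", "Received: from 127.0.0.1 ([127.0.0.1]) by host.example.com "
                     "(Horde\n\tMIME library) with HTTP; Fri, 24 Feb 2006 19:33:08 +0000")
    + spool_hdr("F", "From: <sender@example.com>")
    + spool_hdr(" ", "User-Agent: Internet Messaging Program (IMP) H3 (4.0.3)")
)

def parse_spool_header(text):
    """Split an Exim -H spool file into envelope fields, options, recipients, headers."""
    envelope, _, raw = text.partition("\n\n")  # blank line separates envelope from headers
    env = envelope.split("\n")
    options, i = {}, 4
    while not env[i].isdigit():  # "-option" lines, then non-recipients tree ("XX" if empty)
        if env[i].startswith("-"):
            name, _, value = env[i][1:].partition(" ")
            options[name] = value
        i += 1
    recipients = env[i + 1 : i + 1 + int(env[i])]  # env[i] is the recipient count
    headers, pos = [], 0
    while pos + 5 <= len(raw):  # each entry: NNN + flag + space, then NNN chars of text
        length = int(raw[pos:pos + 3])
        headers.append(raw[pos + 5 : pos + 5 + length].rstrip("\n"))
        pos += 5 + length
    return {"msg_id": env[0][:-2] if env[0].endswith("-H") else env[0],
            "login": env[1].split()[0], "sender": env[2].strip("<>"),
            "options": options, "recipients": recipients, "headers": headers}

def webmail_bulk(info, max_rcpts=50):
    """True for a local Horde/HTTP submission with more than max_rcpts recipients.
    max_rcpts is a hypothetical threshold, not a cPanel or Exim setting."""
    via_horde = any(h.startswith("Received:") and "Horde" in h and "with HTTP" in h
                    for h in info["headers"])
    return (info["options"].get("received_protocol") == "local"
            and via_horde and len(info["recipients"]) > max_rcpts)

if __name__ == "__main__":
    info = parse_spool_header(SAMPLE)
    print(info["msg_id"], info["login"], info["options"].get("auth_id"),
          len(info["recipients"]), webmail_bulk(info, max_rcpts=2))
```

The parsed `login`, `ident` and `auth_id` all read `cpanel` for such a message, so the spool file alone narrows the source to webmail but not to an account.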
     