The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

User nobody sending mail - Which account is it?

Discussion in 'E-mail Discussions' started by redlorry919, Sep 12, 2005.

  1. redlorry919

    redlorry919 Well-Known Member

    Joined:
    Feb 14, 2004
    Messages:
    65
    Likes Received:
    0
    Trophy Points:
    6
    Hi all,

    I have a user on one of my boxes sending out 10,000's of mail (I assume via php) from the user nobody. Is it possible to find out which account this is coming from or is there anything I can do to prevent it?

    Thanks in advance,
    Red.
     
  2. astopy

    astopy Well-Known Member

    Joined:
    Apr 3, 2003
    Messages:
    165
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    Try the "View Relayers" function in WHM.
     
  3. redlorry919

    redlorry919 Well-Known Member

    Joined:
    Feb 14, 2004
    Messages:
    65
    Likes Received:
    0
    Trophy Points:
    6
    Thanks for the quick response.

    I've had a look at that along with the mail stats and it only tells me the user nobody.

    Red.
     
  4. webignition

    webignition Well-Known Member

    Joined:
    Jan 22, 2005
    Messages:
    1,880
    Likes Received:
    0
    Trophy Points:
    36
    If you enable phpsuexec you will easily be able to tell which account is responsible for sending mail as mail is no longer sent out from nobody@hostname.com and is sent instead from relevantuser@hostname.com.

    Couple this with checking the option in WHM to prevent the nobody user from sending mail and you're sorted.

    This will allow you to tell which account is responisble for sending mail from the point phpsuexec is enabled and onwards, but not before. If you can put up with not knowing who has sent mail as nobody in the past, then that's OK. If not, keep searching the forum as methods have been discussed previously.

    Is there any reason why you haven't enabled phpsuexec?
     
  5. RandyO

    RandyO Well-Known Member

    Joined:
    Jun 17, 2003
    Messages:
    173
    Likes Received:
    0
    Trophy Points:
    16
    Take a look at the mail queue, that many messages is going to backup the system. You likely have a new account setup in the last week or so, likely with a stolen credit card and they are just using the account to spam. The ones we have caught are done thru php scripts that are run thru a web page and left to run unatteneded.
     
Loading...

Share This Page