I’m running CPanel7/Exim4 and from time to time, I run into the problem of long email queues. By checking logs, I find lots of spam messages mainly targeting AOL accounts. I use a combination of find | grep | rm commands to delete the messages. The problem though is that I cannot know who is sending these spams!! The sender appearing in the logs is always nobody@myserver.mydomain.com!

Any idea on how can I find the abuser? Would suEXEC be of any use here? How can I prevent spams from emerging out of my server?

Hey there,

CPanel has an option (provided the updates are done) to disallow mail from nobody. Take a look at WHM (under Server Settings or something, it's in one of the top 5 left linkbar options).

Stuart

I'm aware of that function, but as I heard, if I enable this, then some legitimate php code, such as forums, would not be able to send emails!

I think there should be some other solutions :rolleyes:

In order to use the function, prevent nobody from sending mails, you need to compile your php to use phpsuexec.

It doesn't really prevent them from sending, just that it will now send under the user who's running the code instead of nobody (apache)

Generally it shouldn't be a problem, except that you can no longer tweak using .htaccess to modify the php.ini by domains.

Instead of deleting the emails, you should also investigate it a bit more. Sometimes, they leave a trail back e..g the unsubscribe link may give you an idea of the domain that's spamming. You can also grep your whole home directory for all php scripts that uses the mail function. That will help you narrow the list of suspects and you can investigate them one by one.

This is assuming you are already running suexec for cgi. Else run suexec. so that you can narrow down the suspects.

Thanks!

I've heard that phpsuexec is very experimental and would decrease php execution performance! Any comment on that please?!

Yes, I do check messages' contents. The content is mostly spam's regular, sex and alike!