Results 1 to 15 of 15
  1. #1
    Join Date
    Jun 2001
    Posts
    369

    Changing mail from nobody

    I'm not sure where and how some of my scripts are using the nobody name and needs to be changed (bulletin board php script.) These are used to mail registrations to people. AOL now refuses to accept all email from "nobody" since it considers this to be unsolicited spam. It's caused a lot of grief by us this week since people aren't getting their info. Is this a setting in whm? Perhaps cpanel since it's domain related... I haven't found one just yet.

  2. #2
    Join Date
    Sep 2003
    Location
    uk
    Posts
    41
    To have PHP scripts run as your username instead of nobody you must get your host to install php with suexec enabled. This means all your PHP scripts run under your account username rather than nobody.

    This would require a server-wide change though so they may not do this. If not you may have to find a host that do.
    Xurial.net

  3. #3
    The only problem that I have seen with running suexec is that it does affect alot of php scripts causing alot of 500 internal service errors pages. It can be very tricky sometimes to make get the php scripts to function with the suexec.

  4. #4
    Join Date
    Apr 2005
    Location
    Atlanta, GA
    Posts
    454
    slinky, is it not possible to edit the php script to include whichever email address you prefer?
    [color=#666666]Ackoo Solutions, LLC

  5. #5
    Join Date
    Mar 2001
    Posts
    1,434
    If you cannot set the return path in your script, have your host turn on envelope rewriting/masquerading and have them rewrite [email protected] to another address.

    - John C.

  6. #6
    Join Date
    Jun 2001
    Posts
    369
    It's vbulletin that is sending out scripts from nobody. Here's what the headers of my emails look like -- apparently it's not from vBulletin. It's the header in the script. My return emails have a definite sender. AOL is not accepting emails set up as such. Of note, this is my own dedicated server and I'm learning as I go along all the complexities in running one... Thanks everyone...

    1EkE86-000614-Ey-H
    nobody 99 99
    <[email protected]>
    1134018942 1
    -ident nobody
    -received_protocol local
    -body_linecount 31
    -auth_id nobody
    -auth_sender [email protected]
    -allow_unqualified_recipient
    -allow_unqualified_sender
    -local
    XX
    1
    [email protected]

    149P Received: from nobody by mynameserver.myserver.net with local (Exim 4.52)
    id 1EkE86-000614-Ey
    for [email protected]; Thu, 08 Dec 2005 00:15:42 -0500
    020T To: [email protected]
    064 Subject: Action Required to Activate Membership for vBulletin!
    049F From: "vBulletin Forums" <[email protected]>
    034* Return-Path: [email protected]
    055I Message-ID: <[email protected]>
    014 X-Priority: 3
    033 X-Mailer: vBulletin Mail via PHP
    018 MIME-Version: 1.0
    047 Content-Type: text/plain; charset="ISO-8859-1"
    032 Content-Transfer-Encoding: 8bit
    038 Date: Thu, 08 Dec 2005 00:15:42 -0500

  7. #7
    Join Date
    Jun 2001
    Posts
    369
    Quote Originally Posted by JohnCrowley
    If you cannot set the return path in your script, have your host turn on envelope rewriting/masquerading and have them rewrite [email protected] to another address..
    John -- perhaps this might do the trick? As you can see, nobody is in the header which is causing the problem. How might I go about this? I'm assuming I will need to ssh into the server... Thank you for your response.

  8. #8
    I believe with vBulletin, you can turn on SMTP verification, can you not? If you are able to, this is one simple way around the issue.
    SuperWebHost.com, a Digitally Justified Company
    Celebrating our 9th year in Business

    Proudly Hosting with CANADIAN bandwidth
    Managed Hosting, Multi-Domain Hosting, Colocation, Merchant Accounts

  9. #9
    Join Date
    Jun 2001
    Posts
    369
    Quote Originally Posted by VanHost
    I believe with vBulletin, you can turn on SMTP verification, can you not? If you are able to, this is one simple way around the issue.
    Brilliant idea and yes you can. Unfortunately I've noticed that using this method seems to expose the login name for the account owner. For example, if your login to cpanel is 'domainadmin' then you'll see it as follows in the header:

    eturn-path: <[email protected]>
    Envelope-to: [email protected]
    Delivery-date: Fri, 09 Dec 2005 17:36:32 -0500
    Received: from domainadmin by mynameserver.mydomain.net with local-bsmtp (Exim 4.52)
    id 1Ekqqt-0001SZ-Vv
    for [email protected]; Fri, 09 Dec 2005 17:36:32 -0500
    X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on
    mynameserver.mydomain.net
    X-Spam-Level:
    X-Spam-Status: No, score=-4.4 required=9.0 tests=ALL_TRUSTED,BAYES_00
    autolearn=ham version=3.1.0
    Received: from [64.62.134.202] (helo=mail.mydomain.com)
    by mynameserver.mydomain.net with esmtpa (Exim 4.52)
    id 1Ekqqt-0001SS-78
    for [email protected]; Fri, 09 Dec 2005 17:36:31 -0500
    Date: Fri, 09 Dec 2005 22:36:31 +0000
    To: [email protected]
    From: "Forums" <[email protected]>
    Auto-Submitted: auto-generated
    Message-ID: <[email protected]>
    MIME-Version: 1.0
    Content-Type: text/plain; charset="ISO-8859-1"
    Content-Transfer-Encoding: 8bit
    X-Priority: 3
    X-Mailer: vBulletin Mail via PHP
    Subject: Action Required to Activate Membership
    X-Antivirus-Scanner: Clean mail though you should still use an Antivirus

  10. #10
    You could setup a new account "[email protected]" and use that email account as the verifier for SMTP This will keep you under-exposed, as it were
    SuperWebHost.com, a Digitally Justified Company
    Celebrating our 9th year in Business

    Proudly Hosting with CANADIAN bandwidth
    Managed Hosting, Multi-Domain Hosting, Colocation, Merchant Accounts

  11. #11
    Join Date
    Jun 2001
    Posts
    369
    Quote Originally Posted by VanHost
    You could setup a new account "[email protected]" and use that email account as the verifier for SMTP This will keep you under-exposed, as it were
    LOL. In the example I gave I was using another account to be the verifier. The "received from" unfortunately names the cpanel account owner if the sender isn't nobody. Take a look. In the prior example without SMTP the sender was "nobody" received by mynameserver.mydomain.net and in the SMTP example it was "domainusername" received by mynameserver.mydomain.net .

  12. #12

  13. #13
    Join Date
    Jun 2001
    Posts
    369
    Yes - VanHost it does -- I realized that the SMTP account I set up to use was also the sender so it's confusing, LOL.

    But here's the problem -- it uses ACCOUNTUSERNAME as a reply to address and seems that AOL is happy with that. But in the header it shows the following when using the vbulletin option to use SMTP:

    Received: from domainusername by mynameserver.mydomain.net with local-bsmtp (Exim 4.52)

    Interestingly enough, this doesn't happen when you send mail using SMTP from Outlook.


    Received: from mynameserver.myserver.net (mynamerserver.mydomain.com [xxx.xxx.xxx.xxx]) by destinationserver (xxx.xxx.xxx.xxx) with ESMTP id jB9NVoeO073724
    for <[email protected]>; Fri, 9 Dec 2005 15:31:50 -0800 (PST)

  14. #14
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,294
    Code:
    mail("$to", "$subject", "$message", "From: $from\nX-Mailer: PHP/ . $phpversion()", "-f $from");

    Notice the -f... that is the from address. this is how you can bypass the nobody without using phpsuexec
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  15. #15
    Join Date
    Jun 2001
    Posts
    369
    Quote Originally Posted by Steven
    Code:
    mail("$to", "$subject", "$message", "From: $from\nX-Mailer: PHP/ . $phpversion()", "-f $from");
    Notice the -f... that is the from address. this is how you can bypass the nobody without using phpsuexec
    Steven -- this is great. I recognize the code from my work with PHP. But just a few questions:

    (1) Are you suggesting that this is in my script (vbulletin) - I think not since this is a mail header that is being compiled separately outside of the script and would not be script dependant, happening the same on every script that calls the mailto function. If so, where would I find the above code?

    (2) In terms of changing it, are you suggesting that I get rid of the -f parameter? This would make sense to me and, again, I would need to know where I'm making that edit.

    Once again, many thanks to all of you. Unfortunately, this problem will likely affect anyone running common scripts that use mailto and are set up this way. I'm not sure we have pphpsuexec installed and whether it would be beneficial (it seems not atm.)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •