Results 1 to 15 of 15
  1. #1

    Changing mail from nobody

    I'm not sure where and how some of my scripts are using the nobody name and needs to be changed (bulletin board php script.) These are used to mail registrations to people. AOL now refuses to accept all email from "nobody" since it considers this to be unsolicited spam. It's caused a lot of grief by us this week since people aren't getting their info. Is this a setting in whm? Perhaps cpanel since it's domain related... I haven't found one just yet.

  2. #2
    Join Date
    Sep 2003
    Location
    uk
    Posts
    42
    To have PHP scripts run as your username instead of nobody you must get your host to install php with suexec enabled. This means all your PHP scripts run under your account username rather than nobody.

    This would require a server-wide change though so they may not do this. If not you may have to find a host that do.
    Xurial.net

  3. #3
    The only problem that I have seen with running suexec is that it does affect alot of php scripts causing alot of 500 internal service errors pages. It can be very tricky sometimes to make get the php scripts to function with the suexec.

  4. #4
    Join Date
    Apr 2005
    Location
    Atlanta, GA
    Posts
    454
    slinky, is it not possible to edit the php script to include whichever email address you prefer?
    [color=#666666]Ackoo Solutions, LLC

  5. #5
    Join Date
    Mar 2001
    Posts
    1,446
    If you cannot set the return path in your script, have your host turn on envelope rewriting/masquerading and have them rewrite nobody@hostname to another address.

    - John C.

  6. #6
    It's vbulletin that is sending out scripts from nobody. Here's what the headers of my emails look like -- apparently it's not from vBulletin. It's the header in the script. My return emails have a definite sender. AOL is not accepting emails set up as such. Of note, this is my own dedicated server and I'm learning as I go along all the complexities in running one... Thanks everyone...

    1EkE86-000614-Ey-H
    nobody 99 99
    <nobody@mynameserver.myserver.net>
    1****18942 1
    -ident nobody
    -received_protocol local
    -body_linecount 31
    -auth_id nobody
    -auth_sender nobody@mynameserver.myserver.net
    -allow_unqualified_recipient
    -allow_unqualified_sender
    -local
    XX
    1
    everyone@aol.com

    149P Received: from nobody by mynameserver.myserver.net with local (Exim 4.52)
    id 1EkE86-000614-Ey
    for everyone@aol.com; Thu, 08 Dec 2005 00:15:42 -0500
    020T To: everyone@aol.com
    064 Subject: Action Required to Activate Membership for vBulletin!
    049F From: "vBulletin Forums" <webmaster@mydomain.com>
    034* Return-Path: webmaster@mydomain.com
    055I Message-ID: <200512080501.fa3732687403@www.mydomain.com>
    014 X-Priority: 3
    033 X-Mailer: vBulletin Mail via PHP
    018 MIME-Version: 1.0
    047 Content-Type: text/plain; charset="ISO-8859-1"
    032 Content-Transfer-Encoding: 8bit
    038 Date: Thu, 08 Dec 2005 00:15:42 -0500

  7. #7
    Quote Originally Posted by JohnCrowley
    If you cannot set the return path in your script, have your host turn on envelope rewriting/masquerading and have them rewrite nobody@hostname to another address..
    John -- perhaps this might do the trick? As you can see, nobody is in the header which is causing the problem. How might I go about this? I'm assuming I will need to ssh into the server... Thank you for your response.

  8. #8
    I believe with vBulletin, you can turn on SMTP verification, can you not? If you are able to, this is one simple way around the issue.
    SuperWebHost.com, a Digitally Justified Company
    Celebrating our 9th year in Business

    Proudly Hosting with CANADIAN bandwidth
    Managed Hosting, Multi-Domain Hosting, Colocation, Merchant Accounts

  9. #9
    Quote Originally Posted by VanHost
    I believe with vBulletin, you can turn on SMTP verification, can you not? If you are able to, this is one simple way around the issue.
    Brilliant idea and yes you can. Unfortunately I've noticed that using this method seems to expose the login name for the account owner. For example, if your login to cpanel is 'domainadmin' then you'll see it as follows in the header:

    eturn-path: <newaccount@domain.com>
    Envelope-to: newaccount@domain.com
    Delivery-date: Fri, 09 Dec 2005 17:36:32 -0500
    Received: from domainadmin by mynameserver.mydomain.net with local-bsmtp (Exim 4.52)
    id 1Ekqqt-0001SZ-Vv
    for newaccount@domain.com; Fri, 09 Dec 2005 17:36:32 -0500
    X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on
    mynameserver.mydomain.net
    X-Spam-Level:
    X-Spam-Status: No, score=-4.4 required=9.0 tests=ALL_TRUSTED,BAYES_00
    autolearn=ham version=3.1.0
    Received: from [64.62.134.202] (helo=mail.mydomain.com)
    by mynameserver.mydomain.net with esmtpa (Exim 4.52)
    id 1Ekqqt-0001SS-78
    for newaccount@domain.com; Fri, 09 Dec 2005 17:36:31 -0500
    Date: Fri, 09 Dec 2005 22:36:31 +0000
    To: newaccount@domain.com
    From: "Forums" <newaccount@domain.com>
    Auto-Submitted: auto-generated
    Message-ID: <200512092230.143d27716174@www.mydomain.com>
    MIME-Version: 1.0
    Content-Type: text/plain; charset="ISO-8859-1"
    Content-Transfer-Encoding: 8bit
    X-Priority: 3
    X-Mailer: vBulletin Mail via PHP
    Subject: Action Required to Activate Membership
    X-Antivirus-Scanner: Clean mail though you should still use an Antivirus

  10. #10
    You could setup a new account "vb@domain.com" and use that email account as the verifier for SMTP This will keep you under-exposed, as it were
    SuperWebHost.com, a Digitally Justified Company
    Celebrating our 9th year in Business

    Proudly Hosting with CANADIAN bandwidth
    Managed Hosting, Multi-Domain Hosting, Colocation, Merchant Accounts

  11. #11
    Quote Originally Posted by VanHost
    You could setup a new account "vb@domain.com" and use that email account as the verifier for SMTP This will keep you under-exposed, as it were
    LOL. In the example I gave I was using another account to be the verifier. The "received from" unfortunately names the cpanel account owner if the sender isn't nobody. Take a look. In the prior example without SMTP the sender was "nobody" received by mynameserver.mydomain.net and in the SMTP example it was "domainusername" received by mynameserver.mydomain.net .

  12. #12
    If you setup the SMTP to use an email account, it shouldn't say:

    received from ACCOUNTUSERNAME by SERVERNAME

    it should read:

    received from email@domain.com by SERVERNAME

    Does it not?
    SuperWebHost.com, a Digitally Justified Company
    Celebrating our 9th year in Business

    Proudly Hosting with CANADIAN bandwidth
    Managed Hosting, Multi-Domain Hosting, Colocation, Merchant Accounts

  13. #13
    Yes - VanHost it does -- I realized that the SMTP account I set up to use was also the sender so it's confusing, LOL.

    But here's the problem -- it uses ACCOUNTUSERNAME as a reply to address and seems that AOL is happy with that. But in the header it shows the following when using the vbulletin option to use SMTP:

    Received: from domainusername by mynameserver.mydomain.net with local-bsmtp (Exim 4.52)

    Interestingly enough, this doesn't happen when you send mail using SMTP from Outlook.


    Received: from mynameserver.myserver.net (mynamerserver.mydomain.com [xxx.xxx.xxx.xxx]) by destinationserver (xxx.xxx.xxx.xxx) with ESMTP id jB9NVoeO073724
    for <destinationeamil@destinationdomain.com>; Fri, 9 Dec 2005 15:31:50 -0800 (PST)

  14. #14
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,681
    Code:
    mail("$to", "$subject", "$message", "From: $from\nX-Mailer: PHP/ . $phpversion()", "-f $from");

    Notice the -f... that is the from address. this is how you can bypass the nobody without using phpsuexec
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  15. #15
    Quote Originally Posted by Steven
    Code:
    mail("$to", "$subject", "$message", "From: $from\nX-Mailer: PHP/ . $phpversion()", "-f $from");
    Notice the -f... that is the from address. this is how you can bypass the nobody without using phpsuexec
    Steven -- this is great. I recognize the code from my work with PHP. But just a few questions:

    (1) Are you suggesting that this is in my script (vbulletin) - I think not since this is a mail header that is being compiled separately outside of the script and would not be script dependant, happening the same on every script that calls the mailto function. If so, where would I find the above code?

    (2) In terms of changing it, are you suggesting that I get rid of the -f parameter? This would make sense to me and, again, I would need to know where I'm making that edit.

    Once again, many thanks to all of you. Unfortunately, this problem will likely affect anyone running common scripts that use mailto and are set up this way. I'm not sure we have pphpsuexec installed and whether it would be beneficial (it seems not atm.)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •