LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 01-13-2006, 04:19 PM   #1
izghitu
Member
 
Registered: Oct 2005
Location: localhost.localdomain
Distribution: CentOS
Posts: 108

Rep: Reputation: 16
how to find out what account sent spam?


Hello,

I have XPanel on my server. PHP is runing in safe mode. I use the server to host my and my friends websites using XPanel. XPanel runs with PHP in safe mode. Someone sent a lot of spam from my server and I received an email from the provider saying that if this will be repetead I will lose my hosting of the server. As MTA I use sendmail.

Please tell me how can I find out what XPanel user sent the spam, all mails was sent from apache@domain.com. Every XPanel account runs under its UID.

Also how can I prevent sending spam and how can I disable sending mail from user apache@domain.com and will this affect the sending of mails through PHP function mail() of other users that do not send spam.

Please help
Thank you.
 
Old 01-13-2006, 05:47 PM   #2
bigrigdriver
LQ Addict
 
Registered: Jul 2002
Location: East Centra Illinois, USA
Distribution: Debian Jessie 8.4
Posts: 5,873

Rep: Reputation: 348Reputation: 348Reputation: 348Reputation: 348
Download a copy of the Linux Network Administrators Guide. Section 18 discusses Sendmail, and how to prevent mail relays in general, and from specific hosts.
 
Old 01-13-2006, 05:51 PM   #3
izghitu
Member
 
Registered: Oct 2005
Location: localhost.localdomain
Distribution: CentOS
Posts: 108

Original Poster
Rep: Reputation: 16
And how to find out who sent the spam?
 
Old 01-13-2006, 05:53 PM   #4
gilead
Senior Member
 
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,125

Rep: Reputation: 164Reputation: 164
Does XPanel provide logs files that let you check when users login? If so, you might be able to match that against the date/time the spam was sent (the sendmail log in /var/log/maillog should have that).

I'm assuming that your web server runs as apache and that the email address isn't an arbitrary one. Can you have a look and see whether apache is listed in /etc/mail/trusted-users as well as grepping /etc/mail/sendmail.cf and /etc/mail/submit.cf for lines that start with 'T' (for trusted users). For example:

Code:
grep '^Tapache' /etc/mail/*cf
Removing those lines will cause a warning to be entered in the mail logs when somebody mails with `sendmail -f`. The benefit of the warning is in auditing your logs - you can see what apache changed the address to. For example:

Code:
Jan  9 09:06:18 fender sendmail[13644]: k08N6IKU013644: Authentication-Warning: fender.mydomain.com.au: apache set sender to santa@northpole.com.au using -f
As far as stopping spam goes, can you reconfigure your setup so the To address can't be set by anyone else? I'm assuming that the users only need to contact a known set of people (support or other users for example).
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
system account or user account??? yenonn Linux - Newbie 6 05-10-2006 08:49 PM
cyrus email account linux account nobu Linux - Enterprise 0 10-31-2005 04:16 AM
htaccess -- Apache can't find account exactly in htpasswd -- please help b:z Linux - Networking 7 05-16-2005 06:47 AM
procmail and spam -- do not send out of office auto replay to spam draix Linux - Software 0 12-30-2004 09:35 AM
What other anti-spam for Linux that can be used, other than Spam assassin? johnportiz Linux - Software 6 01-27-2004 04:17 AM


All times are GMT -5. The time now is 08:40 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration