LinuxQuestions.org


izghitu 01-13-2006 03:19 PM

how to find out what account sent spam?
 
Hello,

I have XPanel on my server. PHP is running in safe mode. I use the server to host my and my friends' websites using XPanel. XPanel runs with PHP in safe mode. Someone sent a lot of spam from my server and I received an email from the provider saying that if this is repeated I will lose my hosting of the server. As the MTA I use sendmail.

Please tell me how I can find out which XPanel user sent the spam; all mails were sent from apache@domain.com. Every XPanel account runs under its UID.

Also, how can I prevent sending spam, and how can I disable sending mail from user apache@domain.com? Will this affect the sending of mail through the PHP function mail() by other users who do not send spam?

Please help
Thank you.

bigrigdriver 01-13-2006 04:47 PM

Download a copy of the Linux Network Administrators Guide. Section 18 discusses Sendmail, and how to prevent mail relays in general, and from specific hosts.

izghitu 01-13-2006 04:51 PM

And how to find out who sent the spam?

gilead 01-13-2006 04:53 PM

Does XPanel provide log files that let you check when users log in? If so, you might be able to match that against the date/time the spam was sent (the sendmail log in /var/log/maillog should have that).

I'm assuming that your web server runs as apache and that the email address isn't an arbitrary one. Can you have a look and see whether apache is listed in /etc/mail/trusted-users, as well as grepping /etc/mail/sendmail.cf and /etc/mail/submit.cf for lines that start with 'T' (for trusted users)? For example:

Code:

grep '^Tapache' /etc/mail/*cf

Removing those lines will cause a warning to be entered in the mail logs when somebody mails with `sendmail -f`. The benefit of the warning is in auditing your logs - you can see what apache changed the address to. For example:

Code:

Jan  9 09:06:18 fender sendmail[13644]: k08N6IKU013644: Authentication-Warning: fender.mydomain.com.au: apache set sender to santa@northpole.com.au using -f

As far as stopping spam goes, can you reconfigure your setup so the To address can't be set by anyone else? I'm assuming that the users only need to contact a known set of people (support or other users for example).
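The log audit described in the post above, as an added example that is not part of the original thread: it collects the Authentication-Warning lines and joins each one, by queue ID, to the recipient count on that message's `from=` line, giving per-sender totals and a time window to compare against panel login times. The first sample line is the one quoted above; the rest are constructed, and the `from=... nrcpts=` line layout is assumed to be sendmail's usual syslog format.

```python
import re
from collections import defaultdict

# First line is from the post; the remaining lines are constructed samples.
SAMPLE_LOG = """\
Jan  9 09:06:18 fender sendmail[13644]: k08N6IKU013644: Authentication-Warning: fender.mydomain.com.au: apache set sender to santa@northpole.com.au using -f
Jan  9 09:06:18 fender sendmail[13644]: k08N6IKU013644: from=santa@northpole.com.au, size=512, class=0, nrcpts=40, msgid=<1@fender>, relay=apache@localhost
Jan  9 09:06:19 fender sendmail[13650]: k08N6JKU013650: Authentication-Warning: fender.mydomain.com.au: apache set sender to santa@northpole.com.au using -f
Jan  9 09:06:19 fender sendmail[13650]: k08N6JKU013650: from=santa@northpole.com.au, size=498, class=0, nrcpts=35, msgid=<2@fender>, relay=apache@localhost
Jan  9 10:15:02 fender sendmail[14001]: k08OF2KU014001: Authentication-Warning: fender.mydomain.com.au: apache set sender to webmaster@example.org using -f
Jan  9 10:15:02 fender sendmail[14001]: k08OF2KU014001: from=webmaster@example.org, size=300, class=0, nrcpts=1, msgid=<3@fender>, relay=apache@localhost
Jan  9 10:20:00 fender sendmail[14100]: k08OK0KU014100: from=root, size=200, class=0, nrcpts=1, msgid=<4@fender>, relay=root@localhost
"""

# Syslog prefix: timestamp, host, sendmail[pid], queue ID.
PREFIX = r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sendmail\[\d+\]: (?P<qid>\w+): "
WARN_RE = re.compile(
    PREFIX + r"Authentication-Warning: \S+: (?P<user>\S+) set sender to (?P<sender>\S+) using -f")
FROM_RE = re.compile(PREFIX + r"from=.*?\bnrcpts=(?P<nrcpts>\d+)")


def audit_forced_senders(log_text):
    """Summarise -f sender overrides per (local user, forced sender)."""
    warned = {}  # queue ID -> (local user, forced sender, timestamp)
    rcpts = {}   # queue ID -> recipient count from the from= line
    for line in log_text.splitlines():
        m = WARN_RE.match(line)
        if m:
            warned[m["qid"]] = (m["user"], m["sender"], m["ts"])
            continue
        m = FROM_RE.match(line)
        if m:
            rcpts[m["qid"]] = int(m["nrcpts"])
    summary = defaultdict(lambda: {"messages": 0, "recipients": 0, "first": None, "last": None})
    for qid, (user, sender, ts) in warned.items():  # dicts keep log order
        entry = summary[(user, sender)]
        entry["messages"] += 1
        entry["recipients"] += rcpts.get(qid, 0)  # 0 if no from= line was logged
        entry["first"] = entry["first"] or ts
        entry["last"] = ts
    return dict(summary)


if __name__ == "__main__":
    report = audit_forced_senders(SAMPLE_LOG)
    for (user, sender), e in sorted(report.items(), key=lambda kv: -kv[1]["recipients"]):
        print(f"{user} -> {sender}: {e['messages']} msgs, {e['recipients']} rcpts, "
              f"{e['first']} .. {e['last']}")
```

To run it on a real log, pass the contents of /var/log/maillog to `audit_forced_senders` instead of `SAMPLE_LOG`.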


All times are GMT -5.