Latest LQ Deal: Linux Power User Bundle
Go Back > Forums > Linux Forums > Linux - Newbie
User Name
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!


  Search this Thread
Old 01-13-2006, 03:19 PM   #1
Registered: Oct 2005
Location: localhost.localdomain
Distribution: CentOS
Posts: 109

Rep: Reputation: 16
how to find out what account sent spam?


I have XPanel on my server. PHP is runing in safe mode. I use the server to host my and my friends websites using XPanel. XPanel runs with PHP in safe mode. Someone sent a lot of spam from my server and I received an email from the provider saying that if this will be repetead I will lose my hosting of the server. As MTA I use sendmail.

Please tell me how can I find out what XPanel user sent the spam, all mails was sent from Every XPanel account runs under its UID.

Also how can I prevent sending spam and how can I disable sending mail from user and will this affect the sending of mails through PHP function mail() of other users that do not send spam.

Please help
Thank you.
Old 01-13-2006, 04:47 PM   #2
LQ Addict
Registered: Jul 2002
Location: East Centra Illinois, USA
Distribution: Debian stable
Posts: 5,908

Rep: Reputation: 354Reputation: 354Reputation: 354Reputation: 354
Download a copy of the Linux Network Administrators Guide. Section 18 discusses Sendmail, and how to prevent mail relays in general, and from specific hosts.
Old 01-13-2006, 04:51 PM   #3
Registered: Oct 2005
Location: localhost.localdomain
Distribution: CentOS
Posts: 109

Original Poster
Rep: Reputation: 16
And how to find out who sent the spam?
Old 01-13-2006, 04:53 PM   #4
Senior Member
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,138

Rep: Reputation: 166Reputation: 166
Does XPanel provide logs files that let you check when users login? If so, you might be able to match that against the date/time the spam was sent (the sendmail log in /var/log/maillog should have that).

I'm assuming that your web server runs as apache and that the email address isn't an arbitrary one. Can you have a look and see whether apache is listed in /etc/mail/trusted-users as well as grepping /etc/mail/ and /etc/mail/ for lines that start with 'T' (for trusted users). For example:

grep '^Tapache' /etc/mail/*cf
Removing those lines will cause a warning to be entered in the mail logs when somebody mails with `sendmail -f`. The benefit of the warning is in auditing your logs - you can see what apache changed the address to. For example:

Jan  9 09:06:18 fender sendmail[13644]: k08N6IKU013644: Authentication-Warning: apache set sender to using -f
As far as stopping spam goes, can you reconfigure your setup so the To address can't be set by anyone else? I'm assuming that the users only need to contact a known set of people (support or other users for example).


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
system account or user account??? yenonn Linux - Newbie 6 05-10-2006 07:49 PM
cyrus email account linux account nobu Linux - Enterprise 0 10-31-2005 03:16 AM
htaccess -- Apache can't find account exactly in htpasswd -- please help b:z Linux - Networking 7 05-16-2005 05:47 AM
procmail and spam -- do not send out of office auto replay to spam draix Linux - Software 0 12-30-2004 08:35 AM
What other anti-spam for Linux that can be used, other than Spam assassin? johnportiz Linux - Software 6 01-27-2004 03:17 AM > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 02:52 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration