Re: [Exim] how to trace user mailsending mails as "nobody"

Pàgina inicial
Delete this message
Reply to this message
Autor: Sandip Bhattacharya
Data:  
A: Exim Users List
Assumpte: Re: [Exim] how to trace user mailsending mails as "nobody"
On Wed, 30 Jun 2004 16:04:13 -0400 (EDT), Ravi <ravi@???> wrote:
> 1.On my shared hosting (cpanel) , One user sending mails(spam)
> as 'nobody'. Is there any way to trace that username , so i can delete
> him/her.
>
> example log:
> 2004-06-27 13:18:07 1Beg6H-0003ay-Gp <= contact@???
> U=nobody P=local S=4763
>
> he is using fake from address. please help


Use Apache + suexec (for perl and other cgi). Use mod phpsuexec (for
php programs). All perl and php programs will then run with users
privileges. All these options are available under the advanced options
of easyapache.

>
> 2.Is there any way to stop scripts like perl to send mails using by
> connecting
> directly port number 25 (ignoring mail server) ?



Most common perl programs like formmail send mail by piping it to
/usr/sbin/sendmail or the like. These connections will be logged using
the userid if you use apache suexec.

About sending mails via smtp, localhost or not, if you have smtp auth
running for even your loopback, then userid logging should not be a
problem.

The only last thing that you need to do(and I dont know myself yet),
is a way of throttling mail deliveries per user to a specified max
number of deliveries per hour. This will effectively stop all abuse of
mail service by local users. Instead of getting into a wrangling with
the customer about how much resource he is using, it is better to cite
him a server policy of number of deliveries per hour per user. I wish
I can figure this out.

- Sandip

--
Sandip Bhattacharya
sandip (at) puroga.com
Puroga Technologies Pvt. Ltd.
Work: http://www.puroga.com        Home: http://www.sandipb.net


GPG: 51A4 6C57 4BC6 8C82 6A65 AE78 B1A1 2280 A129 0FF3