Jump to content

Who Knows Email?

krimster

By krimster
in Using WHMCS

 Share

Recommended Posts

krimster Member

krimster

Posted
Posted

Ow, another stupid email question, but this driving me nuts.

 

No emails are being sent, whether it's one I do manually thru the admin cp or whenever. Happens for both php and smtp. With smtp I get "An error has occured", with php I get a success message, but no email.

 

Errors: unrouteable mail domain "gmail.com", and that goes for any domain I send to. The server looks okay, and mail works outside of WHMCS.

 

Any ideas, really this is a problem, and I know it's most likely something I've done wrong.

 

Thanks, Lena

0
Link to comment
Share on other sites
krimster Member

krimster

Posted
  • Author
Posted

Okay, so I found the issue, but not a solution.

 

In WHM, under tweak, there was this:

 

Prevent the user "nobody" from sending out mail to remote addresses (PHP and CGI scripts generally run as nobody if you are not using PHPSuexec and Suexec respectively.)

 

When unticked it works. But in WHMCS I have the emails set to a valid address, why would I get this? And is there something in WHM to change, or is it an issue with WHMCS?

0
Link to comment
Share on other sites
Adam Senior Member

Adam

Posted
Posted

Hey,

 

You do not have PHPsuEXEC installed with Apache and PHP. All php scripts by default run under the user nobody. So if you have that option on. Anyone on the server trying to send mail via php script will not work.

 

Not a WHMCS problem, but a WHM problem.

 

From,

Adam

0
Link to comment
Share on other sites
  • 2 weeks later...
brianoz Senior Member

brianoz

Posted
Posted

On another note, it's absolutely essential to run phpsuexec on the server you run WHMCS on. Without it, it's fairly easy for a hacker to get complete access to all your servers through your WHMCS databases.

 

No kidding, I'm certain of this, and it's a problem shared by all billing systems, definitely not a problem in WHMCS. If you haven't switched to phpsuexec or similar do it now. :)

0
Link to comment
Share on other sites
xTiNcTion Member

xTiNcTion

Posted
Posted

Hi brianoz,

On another note, it's absolutely essential to run phpsuexec on the server you run WHMCS on. Without it, it's fairly easy for a hacker to get complete access to all your servers through your WHMCS databases.

 

No kidding, I'm certain of this, and it's a problem shared by all billing systems, definitely not a problem in WHMCS. :)

have you talked to Matt about issues you found? would you share it with us? or pm me?

 

PD: I run on PHPsuEXEC yee haw!!!

0
Link to comment
Share on other sites
Adam Senior Member

Adam

Posted
Posted
On another note, it's absolutely essential to run phpsuexec on the server you run WHMCS on. Without it, it's fairly easy for a hacker to get complete access to all your servers through your WHMCS databases.

 

No kidding, I'm certain of this, and it's a problem shared by all billing systems, definitely not a problem in WHMCS. If you haven't switched to phpsuexec or similar do it now. :)

 

Hey,

 

PHPsuEXEC does not make the server more secure then with out it. PHPsuEXEC makes the default PHP module run under the user and not as the default user nobody. What people think makes their server more secure is the fact that all folders and files can't have a CHMOD of no more then 755. As 777 anyone can write into those folders or files.

 

However you can still get hacked even when running PHPsuEXEC, if one of your websites hosted on their has an upload tool, files can be easily uploaded and stored in the /tmp directory of your server, or even ran in the uploaded folder. c90shell scripts or root kits can still be ran. PHPsuEXEC only makes it so you can't have no folder of files greater then 755 on your server. Making /tmp nonexec and installing other tools is what you really should be doing....

 

From,

Adam

0
Link to comment
Share on other sites
brianoz Senior Member

brianoz

Posted
Posted

The server is more secure, by simple virtue of the fact that users can't look at each other's files and steal database (and other) passwords. Without phpsuexec, if there are 200 accounts on the server, there are 200 chances everyone's sites will be open to being hacked.

 

It is of course NOT an instant security cure, just a vital part of an overall strategy which should also involve something like csf+lfd ("intrusion detection" etc) and something like mod_security, and updating packages regularly (and banning things like phpbb from the server).

0
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated

  I accept