Surpass Web Hosting Forums - View Single Post - An informing and fun read about phpsuexec

**mr_fern** · March 24th, 2006, 2:28 PM

No it's not kickers. That's only what the recipient of the e-mail would see, and even they still get the original sender in the full headers.

Exim stats will tell you who the relayer is, which in the case of mod_php, is always "nobody

{server_name}". With phpsuexec, the relayer will be "{account_name}

{server_name}"

Here's an example of finding out the real sender:

Here's the headers from a Surmunity E-mail. I removed most of it that wasn't important to the point.

Quote:

X-Originating-IP: [72.29.64.58]
Return-Path: <nobody

mirror.dizinc.com>
Authentication-Results: mta102.mail.re2.yahoo.com
from=surmunity.com; domainkeys=neutral (no sig)
Received: from 72.29.64.58 (EHLO mirror.dizinc.com) (72.29.64.58)
by mta102.mail.re2.yahoo.com with SMTP; Fri, 24 Mar 2006 00:42:20 -0800
Received: from nobody by mirror.dizinc.com with local (Exim 4.52)
id 1FMhsB-0005jF-0N
for nferno69ny

yahoo.com; Fri, 24 Mar 2006 03:42:19 -0500
To: nferno69ny

yahoo.com
Subject: New Private Message at Surpass Forums
From: "Surpass Forums" <hello

surmunity.com>

Return path will now be the username instead of nobody. And mirror.dizinc.com would receive it from username instead of nobody.

Even though it says From hello

surmunity.com, it's still sent by nobody

mirror.dizinc.com