By default, at least on the cPanel server that I run, the user nobody can send e-mails. This is both good and bad. It’s good from the aspect that most any type of PHP script that e-mails will work out of the box. Setting up WordPress sites, your e-mails will get thru for new user registration, comments left and whatever else you might have it e-mailing. It’s bad because someone who knows what they are doing can start using your server to spam (how they do this will be something you’ll have to find elsewhere!), which is not good. I found myself in this situation late last week and early this week. However I’ve taken some steps to curb the issue and I thought I’d pass this along to anyone else that might be looking for help on this. This image is what my mailbox looked like for a few days while I was researching the issue.
- Go into your WHM panel and go to Server Configuration->Tweak Settings. Click on the Mail tab and go down to the line that says “Prevent ‘nobody’ from sending mail”. By default this is off. Turn it to on and save your settings. If you still continue to get Mail Deliver System messages give it a bit of time. You should see them begin to tail off so you are not getting any of them. At least this has been my observation to date.
- Also in the same area turn on Track email origin via X-Source email headers. This will allow you to see if the scripts are coming from a php script and where.
However by turning the prevent nobody from sending mail, your WordPress will no longer send out e-mails because user nobody, who it was ending from previously, is not allowed. Additionally any custom PHP scripts that send e-mail, think contact forms, will need to be modified as well.
To fix WordPress you’ll need to install a plugin of some sort. The one I ended up selecting was WP Mail SMTP. It’s pretty straight forward to setup, but it helped right away with all of the bounced messages I was getting for WordPress.
For those PHP pages that send an e-mail I went with using the Swiftmailer package. You can install this into your own directory if you have very few sites, or if you have access you can install it as a PEAR module, which is the route that I took. I setup a script that I can copy and place into each site with a few modifications. The one thing I haven’t tried yet is setting up the script outside of the public folder. If you’d like a copy of that please leave a copy and let me know.
There are a couple of other things that have been recommended, but as of yet I haven’t tried them yet. If and when they do I’ll post an update here.