Re: [Exim] Tracing message origin (uh oh, I think I was a re…

Author: Suresh Ramasubramanian
Date:
To: Matt Staroscik
CC: exim-users
Subject: Re: [Exim] Tracing message origin (uh oh, I think I was a relay!)
Matt Staroscik wrote:

>> 2004-04-22 16:24:36 curryrenee@??? <CurryRenee@???>
>> F=<> P=<> R=dnslookup T=remote_smtp: SMTP error from remote mailer after
>> RCPT TO:<CurryRenee@???>: host mta3.snet.net [204.60.203.69]:
>> 553 5.3.0 <CurryRenee@???>... Addressee unknown,
>> relay=[216.231.43.85]


someone sent a user on your system email with from: curryrenee@???

you rejected it and got this in response - unknown user.

> I think that my weblog app (Geeklog) might be to blame, it had a form->mail
> gateway which may have been exploited. I have shut it down, and I can't
> think of any other web services that might be to blame, but how can I
> investigate the origin of this message? Fortunately this has only been
> going on for a day or so.


very likely. geeklog and most php based blog scripts, as well as several
older cgi form to email scripts, can be - and have been - exploited by
spammers to send out junk mail.

upgrade geeklog and turn off email notifications just to be on the safer
side.

    srs


--
linux@??? (Suresh Ramasubramanian)
jaharkes@ravel:/usr/src$ mv linux Gnu/Linux
mv: cannot move `linux' to `Gnu/Linux': No such file or directory
    jaharkes @ cs.cmu.edu in reply to RMS on linux.kernel
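
One way to work on the "how can I investigate the origin of this message?" question from the Exim main log, as an added example that is not part of the original thread: for every bounce (sender `<>`) whose own delivery failed, follow the `R=` reference on its arrival line back to the message that caused it and report how that message entered the system. The log lines, addresses and function names are constructed for illustration.

```python
import re

# Constructed Exim main-log lines (assumed sample, not taken from the thread).
SAMPLE_LOG = """\
2004-04-22 16:24:30 1BGaaa-0001Ab-00 <= forged@example.com U=www-data P=local S=2048
2004-04-22 16:24:33 1BGaaa-0001Ab-00 ** victim@example.net R=dnslookup T=remote_smtp: SMTP error from remote mailer after RCPT TO:<victim@example.net>: 553 5.3.0 Addressee unknown
2004-04-22 16:24:33 1BGbbb-0001Ac-00 <= <> R=1BGaaa-0001Ab-00 U=mail P=local S=3100
2004-04-22 16:24:36 1BGbbb-0001Ac-00 ** forged@example.com R=dnslookup T=remote_smtp: SMTP error from remote mailer after RCPT TO:<forged@example.com>: 553 5.3.0 Addressee unknown
2004-04-22 16:25:01 1BGccc-0001Ad-00 <= alice@example.org H=client.example.org [192.0.2.10] P=esmtp S=900
2004-04-22 16:25:02 1BGccc-0001Ad-00 => bob@example.net R=dnslookup T=remote_smtp H=mx.example.net [192.0.2.20]
"""

# timestamp, message ID, flag (<= arrival, => delivery, ** failure, == deferral), address, rest
LINE = re.compile(r"^(\S+ \S+) (\S+) (<=|=>|->|\*\*|==) (\S+)(.*)$")
FIELD = re.compile(r" ([A-Z])=(\S+)")

def parse(log):
    """Index arrival (<=) records by message ID and collect failed (**) deliveries."""
    arrivals, failures = {}, []
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        when, msgid, flag, addr, rest = m.groups()
        if flag == "<=":
            arrivals[msgid] = {"time": when, "sender": addr, **dict(FIELD.findall(rest))}
        elif flag == "**":
            failures.append((msgid, addr))
    return arrivals, failures

def trace_failed_bounces(log):
    """For each bounce that itself failed, report how the original message arrived."""
    arrivals, failures = parse(log)
    report = []
    for msgid, rcpt in failures:
        bounce = arrivals.get(msgid)
        if not bounce or bounce["sender"] != "<>":
            continue  # failure of an ordinary message, not of a bounce
        orig_id = bounce.get("R")  # on a bounce's arrival line, R= names the original message
        orig = arrivals.get(orig_id, {})
        origin = "unknown (arrival line not in this log)"
        if orig.get("P") == "local":
            origin = "local submission by user " + orig.get("U", "?")
        elif "H" in orig:
            origin = "SMTP from " + orig["H"]
        report.append({"bounce_to": rcpt, "original_id": orig_id,
                       "claimed_sender": orig.get("sender"), "origin": origin})
    return report
```

A result of "local submission" by the web server's user points at a script on the host, while an `H=` origin points at an SMTP client.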