On Fri, 2004-10-08 at 16:58, Andreas Steinmetz wrote:
<snip>
>
> Not a direct solution, but what about enforcing asmtp? If your spammer
> needs to authenticate it will be hard for him to cover up. For locally
> sent mail use modified applications that collect system information
> prior to sending of the mail. If necessary use mandatory access control.
Well we found the offending script. Its a very plain php script that
can use a db or not. It sends to a list from either mysql or emails
manually entered line by line in a text box on the page. So it sends as
nobody that way.
http://www.webhostingtalk.com/showthread.php?s=c50ffa6996dd6e6287609b0215f372fd&threadid=258294&highlight=security
We were told of this thread at Webhostingtalk and it will track email
from nobody and find the user and log it to /var/log/formmail.log. It
works for us with exim no editing to it even tho it says sendmail. But
some people have had mixed results with exim.
--
Mike Ramirez <mike@???>
