Re: [exim] Spammer problems Need help

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Mike Ramirez
Datum:  
To: Andreas Steinmetz
CC: Exim User ML
Betreff: Re: [exim] Spammer problems Need help
On Fri, 2004-10-08 at 16:58, Andreas Steinmetz wrote:

<snip>
>
> Not a direct solution, but what about enforcing asmtp? If your spammer
> needs to authenticate it will be hard for him to cover up. For locally
> sent mail use modified applications that collect system information
> prior to sending of the mail. If necessary use mandatory access control.


Well we found the offending script. Its a very plain php script that
can use a db or not. It sends to a list from either mysql or emails
manually entered line by line in a text box on the page. So it sends as
nobody that way.
http://www.webhostingtalk.com/showthread.php?s=c50ffa6996dd6e6287609b0215f372fd&threadid=258294&highlight=security

We were told of this thread at Webhostingtalk and it will track email
from nobody and find the user and log it to /var/log/formmail.log. It
works for us with exim no editing to it even tho it says sendmail. But
some people have had mixed results with exim.



--
Mike Ramirez <mike@???>