On Thu, 8 Sep 2005, Gururajan Ramachandran wrote:
> It appears somebody has figured out how to inject email into our queue
> via the web account.

Sounds like you have a vulnerable CGI script.

> However, I would like to put in a check to make sure at the exim4 side.
> I would like to put in a check to make sure that if the sender email
> address has our domain anywhere in it and the email originating
> machine's IP address is not in our local area network, then reject the
> email.

If the above is correct, this will not help at all.

The default Exim configuration file is not particularly easy to break in
such a way that Exim becomes an open relay, so I think you should leave
Exim alone and concentrate on your web site.

Tony.
--
<fanf@???> <dot@???>
http://dotat.at/ ${sg{\N${sg{\
N\}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}\
\N}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}