Re: [exim] authenticating all users.

Top Page
This message is part of the following thread:
M---\the complete thread tree sorted by date
M++\MCyborg at <-
MMMMGraeme Fowler at ->
Delete this message
Reply to this message
Author: Jan Ingvoldstad
Date:  
To: exim users
Subject: Re: [exim] authenticating all users.
On Fri, Nov 30, 2012 at 10:34 AM, Cyborg <cyborg2@???> wrote:

> That's amateur spaming .. a nasty spam scripts forks itself of and uses
> it's own SMTP-engine to send mails. They do it for exactly the reason to
> hide the identity of the account they hacked. It's even worse sometimes,
> when the hacker stores the script via ftp, calls it via http and deletes it
> instantly via ftp again. If you run mod_php , your screwed so many times :)
>

You could run mod_php with a privilege separation module/patch for Apache,
such as MPM-ITK, that will ensure that user information is available again.

But in general, it's probably better to use suphp.

And hey, you can use perlscripts for spamming too, bypassing the little
> protection php setups can give you :) if perl isn't available use ruby or
> python.
>
> it would be cool, if the firewall rules would implement a UID option ..
> allow port 25 connections only if uid is in ( 0, 93 ) . That would really
> help.
>

Another mitigation technique is to pass all outgoing messages through a
smarthost, and disallow port 25 connections to anything but localhost. The
smarthost can then employ rate limiting and other rules to delay spam (and
of course, a risk of delaying legitimate email).
--
Jan
This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-[exim] regardiung default option rfc1413_query_timeoutRe: [exim] authenticating all users.->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)