Auteur: Jan Ingvoldstad Datum: Aan: exim users Onderwerp: Re: [exim] authenticating all users.
On Fri, Nov 30, 2012 at 10:34 AM, Cyborg <cyborg2@???> wrote:
> That's amateur spaming .. a nasty spam scripts forks itself of and uses
> it's own SMTP-engine to send mails. They do it for exactly the reason to
> hide the identity of the account they hacked. It's even worse sometimes,
> when the hacker stores the script via ftp, calls it via http and deletes it
> instantly via ftp again. If you run mod_php , your screwed so many times :)
>
You could run mod_php with a privilege separation module/patch for Apache,
such as MPM-ITK, that will ensure that user information is available again.
But in general, it's probably better to use suphp.
And hey, you can use perlscripts for spamming too, bypassing the little > protection php setups can give you :) if perl isn't available use ruby or
> python.
>
> it would be cool, if the firewall rules would implement a UID option ..
> allow port 25 connections only if uid is in ( 0, 93 ) . That would really
> help.
>
Another mitigation technique is to pass all outgoing messages through a
smarthost, and disallow port 25 connections to anything but localhost. The
smarthost can then employ rate limiting and other rules to delay spam (and
of course, a risk of delaying legitimate email).
--
Jan