
Re: [cobalt-users] Spammer sending from httpd on our RaQ3



Paul:
> Someone is sending spam via one of our RaQs, they've apparently found a
> way to send mail as if it were coming from the http daemon.  Not sure
> just how to disable this, particularly in a way that the GUI won't
> re-enable next time we add an email account.  Any ideas?
> 
> We've always kept the machine up to date with patches from Cobalt.  No
> indication of any hacks to the machine.

Recent reading on news.admin.net-abuse.email suggests that there's a hole in
formmail.pl, a popular form-to-mail CGI. Anyone on your RaQ using it? Have
they upgraded to the most-recent version?
<http://worldwidemart.com/scripts/formmail.shtml> - note the "Security
Update" message at the top of the page.

pjm