[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-users] [RAQ 4] [Neomail] [open relay]

Subject: RE: [cobalt-users] [RAQ 4] [Neomail] [open relay]
From: "Dan Kriwitsky" <list1@xxxxxxxxxxxxxxxxxxxx>
Date: Thu May 16 03:01:55 2002
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

> No. I think Gerald was suggesting one of your customers might 
> be using Matt Wrights FormMail script which is very easy to 
> exploit and send tons of spam through. Shell into your box 
> and do a locate FormMail. Also, try digging around the Apache 
> logs for signs of FormMail.
> 

One more option is to run tail -f /var/log/maillog from a root prompt
and see if you are seeing lots of email going out.
Look for from=httpd or httpd@localhost or username@localhost. The
username will tell you what user on what site owns the script sending
the mail. Then if it's a script, you should be able to track it down.
-- 
Dan Kriwitsky

References:
- Re: [cobalt-users] [RAQ 4] [Neomail] [open relay]
  - From: Jay Summers

Prev by Date: Re: [cobalt-users] OpenSSH
Next by Date: Re: [cobalt-users] SMTP protecting from relay
Previous by thread: Re: [cobalt-users] [RAQ 4] [Neomail] [open relay]
Next by thread: Re: [cobalt-users] [RAQ 4] [Neomail] [open relay]

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index