Hi All,
I have a client who has the latest version of formmail running (1.9).
Recently my logs filled up with stuff like this:
May 30 08:53:51 admin sendmail[1253]: g4UCrhd01251:
to=<alf428@xxxxxxxxxxx>www.pica.ws, ctladdr=jfalk (450/100),
delay=00:00:08, xdelay=00:00:04, mailer=esmtp, pri=871938,
relay=mailin-02.mx.aol.com. [64.12.137.89], dsn=5.1.1, stat=User unknown
May 30 08:53:51 admin sendmail[1253]: g4UCrhd01251:
to=<alf429@xxxxxxxxxxx>www.pica.ws, ctladdr=jfalk (450/100),
delay=00:00:08, xdelay=00:00:04, mailer=esmtp, pri=871938,
relay=mailin-02.mx.aol.com. [64.12.137.89], dsn=5.1.1, stat=User unknown
May 30 08:53:51 admin sendmail[1253]: g4UCrhd01251:
to=<alf42@xxxxxxxxxxx>www.pica.ws, ctladdr=jfalk (450/100),
delay=00:00:08, xdelay=00:00:04, mailer=esmtp, pri=871938,
relay=mailin-02.mx.aol.com. [64.12.137.89], dsn=5.1.1, stat=User unknown
May 30 08:53:54 admin sendmail[1253]: g4UCrhd01251:
to=<formmailtesting@xxxxxxxx> www.pica.ws, ctladdr=jfalk (450/100),
delay=00:00:11, xdelay=00:00:03, mailer=esmtp, pri=871938,
relay=tom.inbox.lv. [193.108.185.19], dsn=5.2.1, stat=User unknown
This appears to me to be someone using formmail to send spam (especially
that last message to formmailtesting@xxxxxxxx -- looks like the spammer
verifying that the formmail script works).
Yes/No?
How are they getting away with this? I've got the @referers set to
include only the client's domain and @recipients = @referers.
Needless to say I've rm'd the script until further notice.
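
Added example, not part of the original post: one way to pick this pattern out of a sendmail log is to group entries by queue id and submitting account (ctladdr), then flag any message fanned out to several recipients that mostly bounce with permanent (5.x.x) failures. The sample log, the thresholds and the function names are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the sendmail syslog format quoted in the post, one entry
# per line as syslog writes it. Hosts, users and queue ids are made up.
SAMPLE_LOG = """\
May 30 08:53:51 admin sendmail[1253]: g4UCONSTR001: to=<u1@example.com>www.example.org, ctladdr=webuser (450/100), delay=00:00:08, xdelay=00:00:04, mailer=esmtp, pri=871938, relay=mx.example.com. [192.0.2.10], dsn=5.1.1, stat=User unknown
May 30 08:53:51 admin sendmail[1253]: g4UCONSTR001: to=<u2@example.com>www.example.org, ctladdr=webuser (450/100), delay=00:00:08, xdelay=00:00:04, mailer=esmtp, pri=871938, relay=mx.example.com. [192.0.2.10], dsn=5.1.1, stat=User unknown
May 30 08:53:51 admin sendmail[1253]: g4UCONSTR001: to=<u3@example.com>www.example.org, ctladdr=webuser (450/100), delay=00:00:08, xdelay=00:00:04, mailer=esmtp, pri=871938, relay=mx.example.com. [192.0.2.10], dsn=5.1.1, stat=User unknown
May 30 08:53:54 admin sendmail[1253]: g4UCONSTR001: to=<probe@example.net> www.example.org, ctladdr=webuser (450/100), delay=00:00:11, xdelay=00:00:03, mailer=esmtp, pri=871938, relay=mx.example.net. [192.0.2.20], dsn=5.2.1, stat=User unknown
May 30 09:10:02 admin sendmail[1300]: g4UCONSTR002: to=<owner@example.org>, ctladdr=alice (500/100), delay=00:00:02, xdelay=00:00:01, mailer=esmtp, pri=30512, relay=mx.example.org. [192.0.2.30], dsn=2.0.0, stat=Sent (ok)
"""

# ctladdr is the local account that submitted the message; mail sent by a CGI
# script is logged under the user the web server runs that script as.
ENTRY = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): to=(?P<to>.*?), ctladdr=(?P<ctl>\S+)")
DSN = re.compile(r"\bdsn=(?P<dsn>\d\.\d+\.\d+)")


def summarize(log_text):
    """Count recipients and permanent failures per (queue id, ctladdr)."""
    stats = defaultdict(lambda: {"rcpts": set(), "hard_fail": 0})
    for line in log_text.splitlines():
        entry = ENTRY.search(line)
        if not entry:
            continue
        rcpts = [r.strip() for r in entry["to"].split(",")]
        bucket = stats[(entry["qid"], entry["ctl"])]
        bucket["rcpts"].update(rcpts)
        dsn = DSN.search(line)
        if dsn and dsn["dsn"].startswith("5."):
            bucket["hard_fail"] += len(rcpts)
    return stats


def suspicious(stats, min_rcpts=3, min_fail_ratio=0.5):
    """Flag messages fanned out to many recipients that mostly bounce."""
    hits = []
    for (qid, ctl), b in sorted(stats.items()):
        n = len(b["rcpts"])
        if n >= min_rcpts and b["hard_fail"] / n >= min_fail_ratio:
            hits.append((qid, ctl, n, b["hard_fail"]))
    return hits


if __name__ == "__main__":
    for qid, ctl, n, fails in suspicious(summarize(SAMPLE_LOG)):
        print(f"{qid} ctladdr={ctl}: {n} recipients, {fails} permanent failures")
```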