[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-users] [OT] Email spam
- Subject: RE: [cobalt-users] [OT] Email spam
- From: "Jolley, Carl" <Carl.Jolley@xxxxxxx>
- Date: Tue Aug 27 10:27:01 2002
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
-----Original Message-----
From: Andy Clyde, oxfordmusic.net [mailto:andy.clyde@xxxxxxxxxxxxxxx]
Sent: Tuesday, August 27, 2002 6:41 AM
To: Cobalt Users
Subject: [cobalt-users] [OT] Email spam
very off-topic i know but if someone could point me in the right place for
an answer i'd be most grateful, otherwise just delete...
one of my clients has had his email hijacked for spam about Viagra. i've
checked our server and it doesn't seem to be coming through us (i ran 'cat
maillog | grep viagra' and nothing showed up, plus our IP does not feature
in the email headers). is there anything we can do about this, or are they
just forging the email header and we have to put up with it. we only found
out coz our client got 1000 bounce back emails this morning.
--------------------------
Have you bothereed to _look_ at maillog? The last time I looked,
no information about subjects was included. Your server could be
sending thousnads of e-mails with viagra in the subject line
and the word would not appear even once in your maillog. If this is the
formmail exploit, you will need to look in your web log file, e.g.
/home/log/httpd/access to see the incoming spam. Then look in your
cgi-bin directories for formmail scripts. If you find any, either remove
them, rename them or upgrade them with either newere, harderned versions
or with alternative products. A simple web search on "formmail" will give
you lots of hits about this problem.