RE: [cobalt-users] [OT] Email spam
- Subject: RE: [cobalt-users] [OT] Email spam
- From: "Jolley, Carl" <Carl.Jolley@xxxxxxx>
- Date: Tue Aug 27 10:45:01 2002
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
-----Original Message-----
From: Andy Jacobs
Sent: Tuesday, August 27, 2002 8:20 AM
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: RE: [cobalt-users] [OT] Email spam
> -----Original Message-----
> From: cobalt-users-admin@xxxxxxxxxxxxxxx
> [mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of Andy Clyde,
> oxfordmusic.net
> Sent: 27 August 2002 12:50
> To: cobalt-users@xxxxxxxxxxxxxxx
> Subject: Re: [cobalt-users] [OT] Email spam
>
>
> > >
> > > >
> > > >
> > > > > -----Original Message-----
> > > > >
> > > > >
> > > > > very off-topic i know but if someone could point me in the right place for
> > > > > an answer i'd be most grateful, otherwise just delete...
> > > > >
> > > > > one of my clients has had his email hijacked for spam about Viagra. i've
> > > > > checked our server and it doesn't seem to be coming through us (i ran 'cat
> > > > > maillog | grep viagra' and nothing showed up, plus our IP does not feature
> > > > > in the email headers). is there anything we can do about this, or are they
> > > > > just forging the email header and we have to put up with it. we only found
> > > > > out coz our client got 1000 bounce back emails this morning.
> > > > >
> > > > > much obliged
> > > >
> > > > They're not using the FormMail exploit are they?
> > > >
> > >
> > > wouldn't that still show up in the maillog?
> >
> > I'm not sure about that. It would show up in the web logs for the site
> > though. Something like this:
> >
> >
> > http://www.domain.com/cgi-bin/formmail.pl?recipient=fred@theflintstones.com&message=Buy%20viagra
>
> don't think it is that since the domain name they're using doesn't have
> FormMail. i double checked the access log for that virtual site and there's
> nothing there.
> andy
I guess that precludes that one then. It was just a thought as I had a
similar thing a week or so ago. Half a MILLION e-mails later and 150 megs
worth of bounced messages and my mail server stopped responding...funny
that...NOT!
-----------------------------
No, it doesn't. The domain name showing up on the outgoing e-mail
can be forged and the corresponding virtual host doesn't have to
have a formmail script. Any formmail script on _any_ virtual host
will be sufficient. And scanning the access log of only a certain
virtual host won't necessarily find the problem. The web log
for the _entire_ machine has to be searched.
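
The machine-wide search described in the last reply, as an added example that is not part of the original thread: it summarises FormMail requests per virtual host and script path, including POST requests whose recipient never appears in the log. The log layout (virtual host as the first field), the script-name pattern and the function name `scan` are assumptions, and the sample lines are constructed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Assumed layout (vhost first, then common log format):
#   <vhost> <client> - - [time] "METHOD URL PROTO" status bytes
LINE = re.compile(r'^(\S+) (\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" \d{3}')
# Matches the stock script names only; a renamed copy needs its own pattern.
SCRIPT = re.compile(r'/formmail(\.(pl|cgi))?$', re.IGNORECASE)

def scan(lines):
    """Summarise FormMail requests per (vhost, script path) for the whole machine."""
    report = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        vhost, client, method, url = m.groups()
        parts = urlsplit(url)
        if not SCRIPT.search(parts.path):
            continue
        entry = report.setdefault(
            (vhost.lower(), parts.path),
            {"hits": 0, "posts": 0, "clients": Counter(), "recipients": Counter()})
        entry["hits"] += 1
        entry["clients"][client] += 1
        if method.upper() == "POST":
            entry["posts"] += 1  # recipient is in the body, which is not logged
        # GET requests carry the recipient in the query string; one value may
        # hold several comma-separated addresses.
        for value in parse_qs(parts.query).get("recipient", []):
            for addr in value.split(","):
                entry["recipients"][addr.strip().lower()] += 1
    return report

# Constructed sample lines (documentation addresses and names, not real traffic).
SAMPLE = [
    'www.site-a.example 192.0.2.10 - - [27/Aug/2002:03:10:01 +0100] "GET /index.html HTTP/1.0" 200 512',
    'www.site-b.example 192.0.2.77 - - [27/Aug/2002:03:10:02 +0100] "GET /cgi-bin/formmail.pl?recipient=a%40other.example&message=x HTTP/1.0" 200 120',
    'www.site-b.example 192.0.2.77 - - [27/Aug/2002:03:10:03 +0100] "POST /cgi-bin/formmail.pl HTTP/1.0" 200 120',
    'www.site-c.example 192.0.2.78 - - [27/Aug/2002:03:10:04 +0100] "GET /cgi-bin/FormMail.pl?recipient=b@other.example,c@other.example HTTP/1.0" 200 120',
]

if __name__ == "__main__":
    for (vhost, path), e in sorted(scan(SAMPLE).items()):
        print(vhost, path, e["hits"], "hits,", e["posts"], "POST,",
              len(e["clients"]), "clients,", len(e["recipients"]), "recipients")
```

A high hit count with few distinct clients and many distinct recipients on one script is the pattern to look at first; a script that shows only POST hits still needs checking because its recipients are not visible in the access log.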