
Re: [cobalt-users] Mail Bomb ... I'm stumped



>
> We've had a couple of strange incidents on a 4i. They
> appear to be deliberate mail bombs, but appear to be
> generated by httpd rather than coming from the
> outside.
>
> here's a sample of the email itself:
> ==start
> Return-Path: <httpd>
> Received: (from httpd@localhost)
>         by my.server.name (8.10.2/8.10.2) id
> gAK8Dvl11788;
>         Wed, 20 Nov 2002 19:13:57 +1100
> Date: Wed, 20 Nov 2002 19:13:57 +1100
> Message-Id: <200211200813.gAK8Dvl11788@xxxxxxxxxxxxxx>
> To: twit_with_horns@xxxxxxxxxxx
> Subject: Eat My Shit
> From: eat_this@xxxxxxxxxxxxxxxxxxxx
> Reply-To: eat_this@xxxxxxxxxxxxxxxxxxxx
>
>
> How are you twit?
> ==end
>
> The To/From/Reply-To/Subject and the content can vary.
>
>
>
> here's what the maillog is reporting:
> Nov 20 18:34:35 www  sendmail[1565]: gAK7YZf01565:
> from=httpd, size=260432, class=0, nrcpts=1,
> msgid=<200211200734.gAK7YZf01565@xxxxxxxxxxxxxx>,
> relay=httpd@localhost
> Nov 20 18:34:35 www sendmail[1568]: gAK7YZQ01568:
> from=httpd, size=260432, class=0, nrcpts=1,
> msgid=<200211200734.gAK7YZQ01568@xxxxxxxxxxxxxx>,
> relay=httpd@localhost
> Nov 20 18:34:36 www sendmail[1571]: gAK7YaR01571:
> from=httpd, size=260432, class=0, nrcpts=1,
> msgid=<200211200734.gAK7YaR01571@xxxxxxxxxxxxxx>,
> relay=httpd@localhost
> Nov 20 18:34:37 www sendmail[1574]: gAK7YaF01574:
> from=httpd, size=260432, class=0, nrcpts=1,
> msgid=<200211200734.gAK7YaF01574@xxxxxxxxxxxxxx>,
> relay=httpd@localhost
> Nov 20 18:34:37 www sendmail[1577]: gAK7YbK01577:
> from=httpd, size=260432, class=0, nrcpts=1,
> msgid=<200211200734.gAK7YbK01577@xxxxxxxxxxxxxx>,
> relay=httpd@localhost
>
>
> Both access and error logs report nothing of interest
> - no pl, cgi, asp or php being called at the time it
> started. Nothing in there but single html and image
> calls. Other logs, such as xfer, auth, fpexec, etc
> have nothing of note in them either.
>
> Does anyone have the slightest clue how this can be
> happening?

Have you actually tried to relay through your Formmail scripts, via the
browser?  If not, you should see if you need to close that hole.  Also, you
can change the "$check_referer = 1" to "$check_referer = 0" in your Formmail
scripts, if applicable.

Tae C.
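
A way to spot the pattern in the quoted maillog (many messages submitted locally as httpd within the same minute), as an added example that is not part of the original thread. The sample lines are constructed from the quoted excerpt with the wrapping removed and placeholder host names; the function name `local_bursts` and the threshold of 5 are assumptions.

```python
import re
from collections import Counter

# Constructed sample modelled on the quoted maillog: lines unwrapped, host names
# replaced with example.invalid, plus one ordinary remote delivery for contrast.
SAMPLE_LOG = """\
Nov 20 18:34:35 www sendmail[1565]: gAK7YZf01565: from=httpd, size=260432, class=0, nrcpts=1, msgid=<200211200734.gAK7YZf01565@example.invalid>, relay=httpd@localhost
Nov 20 18:34:35 www sendmail[1568]: gAK7YZQ01568: from=httpd, size=260432, class=0, nrcpts=1, msgid=<200211200734.gAK7YZQ01568@example.invalid>, relay=httpd@localhost
Nov 20 18:34:36 www sendmail[1571]: gAK7YaR01571: from=httpd, size=260432, class=0, nrcpts=1, msgid=<200211200734.gAK7YaR01571@example.invalid>, relay=httpd@localhost
Nov 20 18:34:37 www sendmail[1574]: gAK7YaF01574: from=httpd, size=260432, class=0, nrcpts=1, msgid=<200211200734.gAK7YaF01574@example.invalid>, relay=httpd@localhost
Nov 20 18:34:37 www sendmail[1577]: gAK7YbK01577: from=httpd, size=260432, class=0, nrcpts=1, msgid=<200211200734.gAK7YbK01577@example.invalid>, relay=httpd@localhost
Nov 20 18:34:40 www sendmail[1580]: gAK7Yec01580: from=<alice@example.invalid>, size=1843, class=0, nrcpts=1, msgid=<1@example.invalid>, proto=ESMTP, relay=mail.example.invalid [192.0.2.10]
"""

# Captures the timestamp truncated to the minute, the envelope sender,
# the message size and the relay field of a sendmail "from=" log line.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d):\d\d\s+\S+\s+sendmail\[\d+\]:\s+\w+:\s+"
    r"from=(?P<sender>[^,]+),\s+size=(?P<size>\d+),.*\brelay=(?P<relay>\S+)"
)

def local_bursts(log_text, threshold=5):
    """Return {(minute, sender): (count, total_bytes)} for mail submitted on the
    box itself (relay=user@localhost) that reaches `threshold` per minute."""
    counts, sizes = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not m["relay"].endswith("@localhost"):
            continue  # not a from= line, or mail that arrived over the network
        key = (m["ts"], m["sender"])
        counts[key] += 1
        sizes[key] += int(m["size"])
    return {k: (n, sizes[k]) for k, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    for (minute, sender), (n, total) in local_bursts(SAMPLE_LOG).items():
        print(f"{minute} from={sender}: {n} local messages, {total} bytes")
```

The minute printed for a burst is the window to line up against the web server access log when looking for the request that triggered the mail.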