OT: spammers are using my domain again

Mike Ramirez mike at thexxxhost.com
Sun Oct 10 22:12:14 UTC 2004


On Sun, 2004-10-10 at 11:02, Nifty Hat Mitch wrote:
> On Sat, Oct 09, 2004 at 03:54:15PM -0700, Mike Ramirez wrote:
> > On Thu, 2004-10-07 at 21:59, Trevor Smith wrote:
> > > So I'm getting tons of bounces because the spammers have ...
> ...
> 
> > hi Trevor and everyone who is reading this.  
> > I haven't read the full thread, yet, but I want to relate my
> > "adventures" of the two days to you guys.  I run a hosting company that
> > has similar packages to what Trevor is getting.  
> .....
> > area you put an email into line by line.  It also has a text box for the
> > sending address and everything else and attempts to write the headers
> > also.  One of the emails from Friday had a sub dir that it used for the
> ....
> > same code.  One called mailer.php in the root of the html dir and
> ....
> 
> Strange you should mention this.
> A friend of mine was telling me that there is a commonly
> used cgi tool that is used on many hosts to permit
> folks on the web to send feedback mail.
> 
> It has the apparent advanatage that it does not disclose the
> address of the account the mail is being sent to.

<gone>

ok what ended up happening is that it would send as
nobody at myhostname.domain because it was a php script.  Most use nobody
to send mail from php cgi scripts.  phpsuexec and suexec aren't an
option for us because then scripts need to change permissions.  Maybe on
a new box we can do that but on the old ones we would have to fix
hundreds of scripts to make it work right. 

I was pointed to a script to track which user send mail using nobody. on
webhostingtalk.com.  I will post the link bellow.  It will write the log
of which users use nobody to send mail.  Works with sendmail and exim
not sure if it does with postfix.  Exim is a little touchy with it mixed
results but we got it working with no tweaking.

http://www.webhostingtalk.com/showthread.php?s=c50ffa6996dd6e6287609b0215f372fd&threadid=258294&highlight=security




-- 
Mike Ramirez <mike at thexxxhost.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20041010/b6e92c4d/attachment-0001.sig>


More information about the fedora-list mailing list