Yuppaduppa, Ruben Navarro Huedo wrote:
-----BEGIN PGP SIGNED MESSAGE-----
[...]
We don't know how, but are doing SPAM with our server using nobody account . we are using SASL + Sendmail 8.12.5 All is running 100% except that problem... SASL autetification is running ok. Nobody can do relay without autentification.
Apache (in many cases) runs as nobody or wwwrun, and FormMail uses sendmail on localhost, which always is allowed to relay mail. Check FormMail's homepage on http://www.scriptarchive.com/formmail.html for security references/updates, all FormMail versions released before April 19th 2002 have insufficient anti-relaying routines and should be upgraded a.s.a.p.
Please...could you help us?
A lot of thank's.
You can find my public key here: http://pgp.rediris.es:11371/pks/lookup?op=get&search=0x03B7CCDF Linux Registered User 68452 (Nov/97) Ruben Navarro Huedo http://www.palotes.com eb5esx@eb5esx.ampr.org [...]
Boris ---