As far as I know version 1.9 of FormMail.pl is safe as long as it is properly configured (and the instructions are very clear). You have to configure a list of allowed recipients. If anyone knows different I would like to hear.
Bob
On Sat, 25 May 2002, Evert Smit wrote:
That's exactly what i just found !!!! one of my customers has been using it. i shut it down now.
thanks for the input. greatly appreciated.
regards Evert
-----Original Message-----
From: Reto Inversini [mailto:inversini@datacomm.ch]
Sent: Saturday, May 25, 2002 1:41 PM
To: suse-security@suse.com
Subject: Re: [suse-security] Spamming under sendmail 8.11 TLS
Hi,
You don't have a webserver running on this box? ... perhaps with a vulnerable cgi-script such as the infamous FormMail.pl?
Best regards
Reto Inversini
----- Original Message -----
From: "Evert Smit" <admin@sidhe.net>
To: <suse-security@suse.com>
Sent: Saturday, May 25, 2002 1:16 PM
Subject: [suse-security] Spamming under sendmail 8.11 TLS
Hey all,
i found something today, which caused me a wry grin. i am using sendmail tls 8.11 on a suse 7.3 box. According to http://www.abuse.net/cgi-bin/relaytest the server does not allow relay.
and now i am getting massive postmaster mails from the box, each claiming the same
the original message was received at Sat, 25 May 2002 12:18:55 +0200 from nobody@localhost with id g4PAItb19508
mail header message. anyone know what this is about?
regards Evert Smit
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
==============================================================
Bob Vickers R.Vickers@cs.rhul.ac.uk
Dept of Computer Science, Royal Holloway, University of London
WWW: http://www.cs.rhul.ac.uk/home/bobv
Phone: +44 1784 443691
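An added example, not part of the original thread: the bounce quoted above names `nobody@localhost` as the sender, which is what sendmail records for mail handed to it locally by a web server account rather than relayed over SMTP. The sketch below scans sendmail `from=` log lines for such submissions and totals recipients per account. The log lines are constructed, and the account names in `WEB_USERS` are an assumption to adjust for the host.

```python
import re
from collections import Counter

# Constructed sample in sendmail's syslog format. Only the first queue id and
# timestamp echo the bounce quoted in the thread; everything else is made up.
SAMPLE_LOG = """\
May 25 12:18:55 mail sendmail[19508]: g4PAItb19508: from=nobody, size=2113, class=0, nrcpts=40, msgid=<1@mail.example.org>, relay=nobody@localhost
May 25 12:18:57 mail sendmail[19510]: g4PAItb19508: to=a@example.net, ctladdr=nobody (65534/65534), delay=00:00:02, mailer=esmtp, stat=Sent
May 25 12:19:02 mail sendmail[19533]: g4PAJ2b19533: from=<alice@example.org>, size=900, class=0, nrcpts=1, msgid=<2@example.org>, relay=pc1.example.org [192.0.2.10]
May 25 12:19:40 mail sendmail[19561]: g4PAJeb19561: from=nobody, size=2120, class=0, nrcpts=35, msgid=<3@mail.example.org>, relay=nobody@localhost
May 25 12:20:11 mail sendmail[19570]: g4PAKBb19570: from=root, size=400, class=0, nrcpts=1, msgid=<4@mail.example.org>, relay=root@localhost
"""

# A "from=" line whose relay is user@localhost means local submission
# (command-line sendmail), which an external open-relay test never exercises.
FROM_LINE = re.compile(
    r"sendmail\[\d+\]: (?P<qid>\w+): from=[^,]*, .*?"
    r"nrcpts=(?P<nrcpts>\d+), .*relay=(?P<relay>\S+@localhost)\s*$"
)

# Assumption: accounts the web server and its CGI scripts may run as.
WEB_USERS = {"nobody", "wwwrun", "www-data", "apache"}


def local_web_submissions(log_text, web_users=WEB_USERS):
    """Return (queue_id, user, recipient_count) for mail queued by web accounts."""
    hits = []
    for line in log_text.splitlines():
        m = FROM_LINE.search(line)
        if not m:
            continue
        user = m.group("relay").split("@", 1)[0]
        if user in web_users:
            hits.append((m.group("qid"), user, int(m.group("nrcpts"))))
    return hits


def recipients_per_user(hits):
    """Total recipients per submitting account; a large total suggests form abuse."""
    totals = Counter()
    for _qid, user, nrcpts in hits:
        totals[user] += nrcpts
    return dict(totals)


if __name__ == "__main__":
    found = local_web_submissions(SAMPLE_LOG)
    print(found, recipients_per_user(found))
```

Queue ids flagged here can be matched against the web server's access log by timestamp to find which script accepted the request.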