Mailinglist Archive: opensuse-security (757 mails)

Re: [suse-security] spam - acting as a relay
  • From: Ralf Ronneburger <ralf@xxxxxxxxxxxxxx>
  • Date: Thu, 24 Jan 2002 10:21:07 +0100
  • Message-id: <3C4FD203.7020204@xxxxxxxxxxxxxx>
Hi Delia,

If it is via PHP, then try to find PHP files with the expression "mail" in them. You can adapt these files to only allow mail to specified recipients. Or, if this is impossible, try to find out from where the form is submitted and restrict it to your server. No one will fill out 1000 forms to send 1000 spam mails. Although - it is not impossible to write a script that still does it. But probably it's more work than finding another relay.

Best regards,

Ralf


Delia Wakelin wrote:

I have recently been informed that my machine is relaying spam. Need some help to identify the problem.
I have had sendmail switched off on a SuSE 7.3 machine.

Here is the gist of the problem - my machine is aaa.bbb.cc.dd.

It seems they are using wwwrun - does that mean it is via PHP?
Where and how should I block this?

--->
*******************************************************
Since your system relays/originates SPAM, we are
blocking all mail from it. (wwwrun@xxxxxxxxxxxxxxx [aaa.bbb.cc.dd])
When appropriate measures are implemented please
inform postmaster@xxxxxxxxxx and the block
will be removed.
Postmaster
*******************************************************
Return-Path: <424848@xxxxxxxxx>
Received: from bn.com.br (wwwrun@xxxxxxxxxxxxx [aaa.bbb.cc.dd])
by UOttawa.CA (8.9.1/8.9.1) with SMTP id NAA192930
for Tue, 22 Jan 2002 13:13:31 -0500
Date: Tue, 22 Jan 2002 13:13:31 -0500
From: 424848@xxxxxxxxx
Reply-To: <424848@xxxxxxxxx>
Message-ID: <002a84a53bee$8847c4d2$7dc15ac6@mhrsyg>
To: Smart.Investors
Subject: What's next for the stock market?
MiME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2919.6700

===============================================================
''''''
====================
This email advertisement is sent out to those who subscribed
on our web site or one of our many affiliated web sites. If you received this email in error or you would like to opt-out
from our database, please go to the following:
mailto:mayblater@xxxxxxxxxxxxxx

[2669gYQK6-198CUmg0349yrLD6-700VpH@31]

-------<




--
------------------------------------------------------------
Ralf Ronneburger
ralf@xxxxxxxxxxxxxx

Prefers to receive encrypted Mail, download public-key from
http://www.ronneburger.net/gpg/ralf_ronneburger.asc
------------------------------------------------------------
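
One way to apply the advice in the reply above (adapt the PHP files so they only allow mail to specified recipients), shown as an added example that is not part of the original thread. The field names (`dept`, `email`, `subject`, `message`) and all addresses are constructed placeholders.

```php
<?php
// Added example: a form-mail handler that can only deliver to fixed recipients.
// Field names and addresses are constructed placeholders, not from the thread.
const RECIPIENTS = ['sales' => 'sales@example.org', 'support' => 'support@example.org'];
const FORM_FROM  = 'webform@example.org';

// True if the value contains CR, LF or NUL, which would let a submitter
// append extra headers (Bcc:, Cc:, To:) to the outgoing message.
function has_header_break(string $value): bool
{
    return preg_match('/[\r\n\0]/', $value) === 1;
}

// Validates one submission. Returns [to, subject, body, headers],
// or null if the submission must be rejected.
function build_message(array $post): ?array
{
    $key     = $post['dept'] ?? '';
    $reply   = $post['email'] ?? '';
    $subject = $post['subject'] ?? '';
    $body    = $post['message'] ?? '';
    // Reject arrays smuggled in as fields (e.g. dept[]=x).
    if (!is_string($key) || !is_string($reply) || !is_string($subject) || !is_string($body)) {
        return null;
    }
    // The form sends a short key; the address itself never leaves the server.
    if (!array_key_exists($key, RECIPIENTS)) {
        return null;
    }
    // Subject and Reply-To end up in the header block, so no line breaks.
    if (has_header_break($subject) || has_header_break($reply)) {
        return null;
    }
    if (filter_var($reply, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    $headers = 'From: ' . FORM_FROM . "\r\n" . 'Reply-To: ' . $reply;
    return [RECIPIENTS[$key], substr($subject, 0, 120), $body, $headers];
}

if (PHP_SAPI !== 'cli' && ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $msg = build_message($_POST);
    if ($msg === null) {
        http_response_code(400);
        exit('Rejected');
    }
    mail($msg[0], $msg[1], $msg[2], $msg[3]);
    echo 'Sent';
}
```

The allowlist holds even when submissions are scripted, because the recipient is never taken from the request. A check on where the form was submitted from relies on information the client supplies, so it is a weaker control on its own.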

