Mailinglist Archive: opensuse-security (409 mails)

< Previous Next >
FW: [suse-security] sendmail spam
  • From: rutger <rutger@xxxxxxxxxxxxxxxxxxx>
  • Date: Tue, 06 Aug 2002 12:40:56 +0200
  • Message-id: <B9757458.247A%rutger@xxxxxxxxxxxxxxxxxxx>
hello list,
yes, it seems, that this is the case.
i didnt get it in the first place, cause i never
heard of that possibility. i thought it was a problem
with the mailservers config.
thanx to jan l. for the hint, i will check that out.
have a nice day, rutger

----------
Von: Anders Johansson <andjoh@xxxxxxxxxxxxxxxxxxxxx>
Datum: Tue, 6 Aug 2002 12:08:51 +0200
An: suse-security@xxxxxxxx
Betreff: Re: FW: [suse-security] sendmail spam

On Tuesday 06 August 2002 12:14, rutger wrote:
> hello peter,
> do you mean formmail.pl??
> and do you think then someone is using an
> formular on one of our server's webpages??
> but how could that possibly be relayed??

Do you have a web page that sends mail to someone at your company, say a
"contact us" page, for instance? And does that page store the "to" address
in
the html, in a hidden variable? If that's the case, all a person has to do
is
use "...&mailto=foo@xxxxxxx&..." to send the mail to foo@xxxxxxx through
your
server.

Compare the mail log with the web server's access log. That might show you
which page on your server has been used

regards
Anders

--
To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here



< Previous Next >
References