Re: localhost forged
- From: Bill Cole <bill@xxxxxxxxxxxxx>
- Date: Sun, 26 Feb 2006 15:05:03 GMT
In article <1140959133.739433.81600@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>,
"larsk" <larskman@xxxxxxxxx> wrote:
> Right, that's what I was thinking an hour ago too. That I would not have
> this issue if I redesign the network with 2 mail servers. One for
> incoming mail and one for outgoing. On the incoming I can block
> loopback so that no one can generate local mail via telnet to 25,
> and outgoing will not allow incoming connections from the internet.
> But I don't think the problem relates to why the web server is able to
> send mail. I think the problem is that someone/script kiddies telnet to
> my box on 25 and send mail locally, which will explain why I see
> the relay as 127.0.0.1.

No, that wouldn't show up as coming from 127.0.0.1, but from wherever
they are coming from.
Someone has cracked your machine for use as a spam sender. For web
servers, the most common paths for this are sloppy CGI scripts (e.g.
Matt Wright's formmail) and poorly-maintained and poorly-written PHP
applications.
--
Now where did I hide that website...
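
The distinction made in the reply above (a remote connection to port 25 is recorded with the remote peer's address, while 127.0.0.1 means a process on the machine itself handed the mail over) can be checked per message from the trace headers. This is an added example, not code from the thread; it assumes the MTA writes standard `Received:` headers, and the host name `mail.example.org`, the sample messages and the function names are constructed for illustration.

```python
import email
import ipaddress
import re

OUR_HOST = "mail.example.org"  # assumption: the name your own MTA stamps after "by"

# Constructed sample messages (timestamps omitted), not taken from the thread.
SAMPLES = {
    # Handed to the MTA by a process on the box itself, e.g. a web script.
    "local": (
        "Received: from localhost (localhost [127.0.0.1]) by mail.example.org\n"
        "Subject: a\n\nbody\n"),
    # Arrived from outside, then re-injected by a loopback content filter.
    "remote": (
        "Received: from localhost (localhost [127.0.0.1]) by mail.example.org\n"
        "Received: from c.example.com (c.example.com [192.0.2.55]) by mail.example.org\n"
        "Subject: b\n\nbody\n"),
    # Remote sender supplied its own fake loopback hop below ours.
    "forged": (
        "Received: from c.example.com (c.example.com [192.0.2.55]) by mail.example.org\n"
        "Received: from localhost (localhost [127.0.0.1]) by relay.invalid\n"
        "Subject: c\n\nbody\n"),
}

PEER = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
STAMPED_BY_US = re.compile(r"\bby\s+" + re.escape(OUR_HOST) + r"\b")

def entry_peer(raw):
    """Peer address in the oldest Received header that our own MTA wrote."""
    hops = email.message_from_string(raw).get_all("Received") or []
    for hop in reversed(hops):  # headers are prepended, so the oldest is last
        if STAMPED_BY_US.search(hop):  # skip hops the sender could have forged
            m = PEER.search(hop)
            return ipaddress.ip_address(m.group(1)) if m else None
    return None

def injected_locally(raw):
    """True when the message first entered our MTA over loopback."""
    peer = entry_peer(raw)
    return peer is not None and peer.is_loopback

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, entry_peer(raw), injected_locally(raw))
```

Messages for which `injected_locally` is true are the ones to trace back to a local process such as a CGI or PHP script, rather than to an outside connection.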