MailScanner and FormMail Exploits

Julian Field mailscanner at ecs.soton.ac.uk
Sat Dec 13 17:46:15 GMT 2003


At 17:13 13/12/2003, you wrote:
>I've noticed in our maillog that when web-based email forms are submitted
>they do not pass through MailScanner.
>
>I bring this up as a site I host recently had a spammer exploit (what was
>reported to be) a hack-proof perl based FormMail script. I became aware of
>this when the bounces and rejections started to arrive in the postmaster
>mailbox. In looking at the content of the spam message, it would have been
>caught as spam had it been intercepted by MailScanner.
>
>Is there a way to configure MailScanner and/or any of the rulesets so that
>submitted web-based forms run through the typical MailScanner checks?

Your problem is that you are running a fairly old sendmail and the form
handler code is invoking the sendmail binary directly. You either need to
configure it so that it talks SMTP to localhost to send its mail, or else
upgrade to a more recent sendmail that has the clientmqueue stuff.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654



More information about the MailScanner mailing list