Slightly OT - Exim / Apache

Rick Cooper rcooper at DWFORD.COM
Thu Dec 8 22:26:47 GMT 2005


> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
> Behalf Of Michele Neylon :: Blacknight Solutions
> Sent: Thursday, December 08, 2005 4:59 PM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Slightly OT - Exim / Apache
>
>
> Over the last few weeks the number of attacks on forms hosted on
> our servers
> has reached new levels
> Unfortunately the user id for the mail is set to apache, which makes
> tracking down the domain / user who has the vulnerable script very awkward
>
> I know there are solutions for sendmail which allow you to setup
> some way of
> tracing it back easily, but we haven't found any such solution
> for exim...
> (we may be looking in the wrong places!)
>
> If anybody has any such solution I would really appreciate them sharing a
> link
>

When you say userid do you mean the local part of the sender address?
are the domain parts of the sender addresses not different
Are they on the same box as the mail service or another host?
What does the logging look like?

Rick


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!



More information about the MailScanner mailing list