Is someone spamming through me?
Rob Morin
rob at thehostmasters.com
Wed Apr 26 14:04:44 IST 2006
I have had this experience many times..... and it was always the same
answer. An exploitable PHP script allows a bad person to spam via your
server, the return address is your server's web user probably and that is
probably aliased to you..... so you get all the bounces....

It's hard to find these scripts... this is why in MS I make sure that I
scan all outgoing mail too, especially from root or the web user...

If you do a mailq, who are the emails from? nobody, www-data, apache? If
so then it is a bad script of sorts that allows "\n or \r" in the input
variables....

I suggest you use modsecurity for Apache... it will help, and make sure
that your clients use variable input validation!
My 2 cents!
Rob Morin
Dido InterNet Inc.
Montreal, Canada
Http://www.dido.ca
514-990-4444
Jody Cleveland wrote:
> Hello,
>
> I'm running Mailscanner v.4.52.2 with postfix on a redhat 4.0 AS server.
>
> Yesterday, I got over 5000 bounce messages from the server, all messages
> trying to be sent to a zipmail.com.br domain. In my logwatch message
> this morning, I noticed this:
>
> 120343658 bytes transferred
> 53041 messages sent
> 1 messages expired and returned to sender
> 5 resent messages
> 20271 messages removed from queue
>
> I checked my server here: http://www.abuse.net/relay.html and all tests
> for being an open relay were negative.
>
> Any ideas what may be wrong?
>
> - jody
>
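
The mailq check suggested in the reply above, as an added example that is not part of the original message: it tallies queued mail by envelope sender and flags the web-server accounts named there. It assumes the standard Postfix mailq layout; the function names and the sample queue are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread: tally Postfix queue entries by envelope
# sender and flag the web-server accounts named in the post.
WEB_USERS='nobody|www-data|apache'

# Constructed sample in Postfix `mailq` layout (hosts and addresses invented).
sample_mailq() {
cat <<'EOF'
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
3F2A1B0C4D     2210 Tue Apr 25 09:14:02  apache@web1.example.org
(connect to mx.bulk.example[192.0.2.10]: Connection timed out)
                                         a1@bulk.example

3F2A1B0C4E*    2198 Tue Apr 25 09:14:03  apache@web1.example.org
                                         a2@bulk.example

7C9D0E1F22     5120 Tue Apr 25 09:20:41  alice@example.org
                                         bob@example.net

8A0B1C2D33!    3304 Tue Apr 25 09:31:07  MAILER-DAEMON
                                         apache@web1.example.org

-- 12 Kbytes in 4 Requests.
EOF
}

# Read mailq output on stdin; print "count sender", busiest sender first.
# A queue entry starts with the queue ID (optionally marked * or !) and size;
# the envelope sender is the last field on that line.
senders_by_count() {
  awk '/^[0-9A-Za-z]+[*!]?[ \t]+[0-9]+[ \t]/ { n[$NF]++ }
       END { for (s in n) print n[s], s }' | sort -k1,1nr -k2,2
}

# Keep only senders whose local part is one of the web-server accounts.
web_user_senders() {
  senders_by_count | awk -v users="$WEB_USERS" '
    { split($2, a, "@"); if (a[1] ~ ("^(" users ")$")) print }'
}

# "live" reads the real queue; otherwise the constructed sample is used.
if [ "${1:-}" = live ]; then
  mailq | web_user_senders
else
  sample_mailq | web_user_senders
fi
```

Bounces returned to the web user show up as MAILER-DAEMON entries with that account as recipient, so they are counted separately from mail the account itself submitted.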