On Sun, 2004-10-10 at 11:02, Nifty Hat Mitch wrote: > On Sat, Oct 09, 2004 at 03:54:15PM -0700, Mike Ramirez wrote: > > On Thu, 2004-10-07 at 21:59, Trevor Smith wrote: > > > So I'm getting tons of bounces because the spammers have ... > ... > > > hi Trevor and everyone who is reading this. > > I haven't read the full thread, yet, but I want to relate my > > "adventures" of the two days to you guys. I run a hosting company that > > has similar packages to what Trevor is getting. > ..... > > area you put an email into line by line. It also has a text box for the > > sending address and everything else and attempts to write the headers > > also. One of the emails from Friday had a sub dir that it used for the > .... > > same code. One called mailer.php in the root of the html dir and > .... > > Strange you should mention this. > A friend of mine was telling me that there is a commonly > used cgi tool that is used on many hosts to permit > folks on the web to send feedback mail. > > It has the apparent advanatage that it does not disclose the > address of the account the mail is being sent to. <gone> ok what ended up happening is that it would send as nobody@xxxxxxxxxxxxxxxxx because it was a php script. Most use nobody to send mail from php cgi scripts. phpsuexec and suexec aren't an option for us because then scripts need to change permissions. Maybe on a new box we can do that but on the old ones we would have to fix hundreds of scripts to make it work right. I was pointed to a script to track which user send mail using nobody. on webhostingtalk.com. I will post the link bellow. It will write the log of which users use nobody to send mail. Works with sendmail and exim not sure if it does with postfix. Exim is a little touchy with it mixed results but we got it working with no tweaking. http://www.webhostingtalk.com/showthread.php?s=c50ffa6996dd6e6287609b0215f372fd&threadid=258294&highlight=security -- Mike Ramirez <mike@xxxxxxxxxxxxxx>
Attachment:
signature.asc
Description: This is a digitally signed message part