What all is log in the email logs? Yeah, I've never had to look at these, lucky me someone else does that. But this appears in teh email header
X-Mailer: ColdFusion MX Application Server might help your afternoon of grepping DK On 3/15/06, Steve Nguyen - Anumina.com <[EMAIL PROTECTED]> wrote: > It's hard to find the script because we have several hundred hosting > customers on this particular server. Even if the cfmail scripts are > properly coded to prevent email injection, the spammer might actually be a > regular customer just abusing his account. I will look into those programs > to see if they can help me monitor the cfmail usage. Mail server logs don't > help because it just shows the web server as the sender. > > -----Original Message----- > From: Robertson-Ravo, Neil (RX) > [mailto:[EMAIL PROTECTED] > Sent: Wednesday, March 15, 2006 1:23 PM > To: CF-Server > Subject: Re: CFMAIL Abuse > > Well, if you know it is a customers script then you should be well placed to > find out what script is triggering it. > > You could log all ColdFusion calls using FusionReactor or SeeFusion or could > simply log what goes in and out of your mail server and block any bogus > relays. > > What business are you in? You could disble cfmail for a short period :-) > > N > > > > > > > "This e-mail is from Reed Exhibitions (Oriel House, 26 The Quadrant, > Richmond, Surrey, TW9 1DL, United Kingdom), a division of Reed Business, > Registered in England, Number 678540. It contains information which is > confidential and may also be privileged. It is for the exclusive use of the > intended recipient(s). If you are not the intended recipient(s) please note > that any form of distribution, copying or use of this communication or the > information in it is strictly prohibited and may be unlawful. If you have > received this communication in error please return it to the sender or call > our switchboard on +44 (0) 20 89107910. The opinions expressed within this > communication are not necessarily those expressed by Reed Exhibitions." > Visit our website at http://www.reedexpo.com > > -----Original Message----- > From: Steve Nguyen - Anumina.com <[EMAIL PROTECTED]> > To: CF-Server <[email protected]> > Sent: Wed Mar 15 18:15:15 2006 > Subject: RE: CFMAIL Abuse > > Thanks for your reply Mike. The problem is that it isn't our form script, > it's one of our customer's script. It may not even be email injection - it > may be a customer just abusing the cfmail tag to spam, but I can't figure > out who it is because the domain's he's using is from some other host. If > there's a way to tell what script the cfmail command came from, I'd be set. > I've run a search on all scripts on the server for the email addresses and > content, but came up with nothing, so I'm assuming they have it all in a > database. > > -----Original Message----- > From: Mike Chytracek [mailto:[EMAIL PROTECTED] > Sent: Wednesday, March 15, 2006 1:06 PM > To: CF-Server > Subject: RE: CFMAIL Abuse > > If you are using cfmail to send a form submission, check the referrer to > make sure that the form is actually posting and not a user with their own > script. > > One thing we have done is place a log on every script that uses the cfmail > tag so we can track the usage independent of client. Sucks if you have A > LOT of files using cfmail. > > But an ounce of prevention.... > > Mike > > ----- > > NOTE: Sorry, i had posted this earlier to the wrong forum =( > > We are experiencing a problem with a spammer using CFMAIL to send out spam. > I don't know if it's a direct customer or someone using email injection on a > customer's site. The mail logs only show when, who, where and what was > emailed, but I need to figure out who's scripts are being run that is doing > this. The CF logs don't help. Is there a way to find out who's abusing the > cfmail tag? The only thing I can do is add filters on the mail server to > prevent the email from going through, but the spammer just keeps changing > his domain name and content. Any ideas on how to fight this? > > ://www.houseoffusion.com/tiny.cfm/54 > > > > > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Message: http://www.houseoffusion.com/lists.cfm/link=i:10:5868 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/10 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:10 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.10 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
