On Fri, Nov 30, 2012 at 10:34 AM, Cyborg <[email protected]> wrote:
> That's amateur spamming .. a nasty spam script forks itself off and uses
> its own SMTP-engine to send mails. They do it for exactly the reason to
> hide the identity of the account they hacked. It's even worse sometimes,
> when the hacker stores the script via ftp, calls it via http and deletes it
> instantly via ftp again. If you run mod_php , you're screwed so many times :)

You could run mod_php with a privilege separation module/patch for Apache, such as MPM-ITK, that will ensure that user information is available again. But in general, it's probably better to use suphp.

> And hey, you can use perlscripts for spamming too, bypassing the little
> protection php setups can give you :) if perl isn't available use ruby or
> python.
>
> it would be cool, if the firewall rules would implement a UID option ..
> allow port 25 connections only if uid is in ( 0, 93 ) . That would really
> help.

Another mitigation technique is to pass all outgoing messages through a smarthost, and disallow port 25 connections to anything but localhost. The smarthost can then employ rate limiting and other rules to delay spam (and of course, a risk of delaying legitimate email).

--
Jan
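The UID condition discussed in this message can also be checked after the fact, as an audit of open sockets. The following is an added example, not part of the original mail: it reads text in the Linux `/proc/net/tcp` format and reports direct port 25 connections to non-loopback hosts made by UIDs outside the allowed set. The sample rows are constructed, the allowed UIDs 0 and 93 are taken from the quoted text, and the address decoding assumes IPv4 on a little-endian host.

```python
import socket
import struct

ALLOWED_UIDS = {0, 93}  # UIDs named in the quoted mail; set to your MTA's UIDs
SMTP_PORT = 25

# Constructed sample in /proc/net/tcp format (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11001 1
   1: 0A00000A:C350 0A0200C0:0019 01 00000000:00000000 00:00000000 00000000    93        0 11002 1
   2: 0A00000A:C351 0100007F:0019 01 00000000:00000000 00:00000000 00000000    33        0 11003 1
   3: 0A00000A:C352 0B0200C0:0019 02 00000000:00000000 00:00000000 00000000    33        0 11004 1
   4: 0A00000A:C353 0C0200C0:01BB 01 00000000:00000000 00:00000000 00000000    33        0 11005 1
"""


def decode_endpoint(field):
    """Turn 'HEXADDR:HEXPORT' into (dotted_ip, port)."""
    addr_hex, port_hex = field.split(":")
    # The kernel prints the IPv4 address in host byte order (little-endian assumed).
    ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return ip, int(port_hex, 16)


def rogue_smtp_connections(proc_net_tcp_text, allowed_uids=ALLOWED_UIDS):
    """Return (uid, remote_ip, inode) for direct outbound SMTP by other UIDs."""
    findings = []
    for line in proc_net_tcp_text.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 10:
            continue
        remote_ip, remote_port = decode_endpoint(cols[2])
        uid, inode = int(cols[7]), int(cols[9])
        if remote_port != SMTP_PORT:
            continue
        if remote_ip.startswith("127."):
            continue  # handing mail to the local MTA is the permitted path
        if uid not in allowed_uids:
            findings.append((uid, remote_ip, inode))
    return findings


if __name__ == "__main__":
    for uid, ip, inode in rogue_smtp_connections(SAMPLE):
        print(f"uid {uid}: direct SMTP connection to {ip} (socket inode {inode})")
```

On a live host, pass the contents of `/proc/net/tcp` instead of `SAMPLE`; the reported UID identifies the account whose script opened the connection.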
