[EMAIL PROTECTED] (Raju Mathur) [Friday, August 09, 2002 3:27 AM]: >>>>>> "Devdas" == Devdas Bhagat <[EMAIL PROTECTED]> writes: > Devdas> Or could you be much more specific about what you are > Devdas> trying to do? > > Prevent web hosting customers from running their own formmail scripts. > User nobody (or www or whatever) should not be able to execute > sendmail. All other users should (otherwise things will break > horribly). The system-provided (my provided) formmail.pl will run > setgid to some group other than nobody (or www or whatever).
Oh yeah. I do see where the problem lies. Why not approach this problem from another angle - especially easy if you have a spare box around, or something which separates the submission and MTA parts (sendmail submit and MTA, or qmail-send and qmail-smtpd come to mind). If local qmail-send or submit - 1. Add nobody@server-name, or nobody@localhost as a REJECT entry to your access.db 2. Have a wrapper around it which looks for amount of mail sent and automatically freezes accounts which send out more mail than a threshold. Especially with small business / virtual hosting customers, this threshold won't ever be reached unless some idiot installs an exploitable formmail, or starts a spam run directly from your webservers. If a spare box - 1. Have bulkmail detection (like http://www.rhyolite.com/dcc/ for example) built into it. 2. Heavily rate limit sendmail on this box 3. Smarthost your webservers through this box. 4. Yup - add the nobody REJECT here as well. Even if stuff does get out, the rate limiting will ensure that a very minimal amount of it gets out, and you can reach and lockdown the account in no time. You can also clean all this crap out of the queue quite fast by grepping for a single string in the queue, awking the queue id out and running qtool.pl -d queue-id ... (qtool.pl is a script in the sendmail contrib/ directory to move mail between queues, or to delete mail from a live queue) > This is important, since one of these customers has already got a > server into one of the blackhole lists. If it is Ron Guilmette's list of open formmails at http://www.monkeys.com I pity you ... it aint going to get out very easily. Idiots at Verio sent him a legal notice asking him to remove a ton of their servers which got listed for having open formmails. That made him say "ok, I'll add servers but won't ever remove them" ... -srs ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ linux-india-help mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/linux-india-help
