On Fri, Feb 14, 2003 at 08:33:02PM +0000, Nicholas Clark wrote:
> On Fri, Feb 14, 2003 at 02:06:02PM +0000, Steve Keay wrote:
> > Some kind of security (or obscurity) would be advisable so you don't
> > create an open relay.
>
> I doubt very much that "obscurity" provides more than a few hours security
> against an open relay being found out. I've seen regular brute probes in
> the apache error log for FormMail (under various name permutations) so I
> don't doubt that other scanners are attempting to see if any mail server
> present on a box will "helpfully" relay messages.

Ahh, but they're looking for "normal" open relays. This was going to be a funky relay that meant you had to send to a weird address to get the message sent. Nobody knows that, so they won't do it.

FormMail has so many installations worldwide that you're going to find lots of abusable ones by just looking at random IP addresses. People have worked out how to scan for it and attack it because it is profitable for them to do so. If your site runs your own version of formmail that accepts different parameters then it is *very* unlikely that anyone will abuse it. It's not worth the effort for just one site.

Sometimes obscurity works, but one should only rely upon it to protect things that don't cost much money.