On Fri, Sep 14, 2001 at 11:50:36AM -0700, Ian LeBlanc wrote:
> If you read earlier emails.. I stated it was generated by a script on the
> server.. NOT through relaying... SMTP is CLOSED on our server. We do not
> allow outgoing mail for our clients because of client abuse. We now make
> them use their ISP (dial up provider) to send outgoing email.
OK, good deal. (You hadn't posted that information when I and others
started guessing).
>
> And I have read the stuff on badmailfrom but that is DOMAIN I only want
> specific USERS@DOMAIN not able to send mail... not the whole domain... Like
> no one should be able to send from [EMAIL PROTECTED] but I want to be able
> to send from my address [EMAIL PROTECTED] ... and according to the manual if
> I add RASK.COM to the BADMAILFROM file it blocks us all....
No, it does not. badmailfrom can block individual senders or whole
domains. You've misread the (admittedly somewhat unclear) manpage -- it
says 'may be', not 'must be'. If these messages are being locally
injected via SMTP, badmailfrom will work. I suspect they're using the
sendmail wrapper or qmail-inject tho...
>
> So you know.. our server runs perl (of course....) and PHP.
> I am the only developer on the server who programs ANY PERL or PHP on the
> server. I have reviewed all my scripts... none of them can be exploited
> that I can tell.
Who's got shell access? Is it possible you've been 'sploited, and that's
how they're generating this?
GW
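
The per-user versus whole-domain distinction discussed in this message, as an added example that is not part of the original thread and is not qmail source code. It models the lookup under the assumption that qmail-smtpd compares the envelope sender case-insensitively against each badmailfrom line, first as a full address and then as `@domain`; the addresses are constructed placeholders.

```python
# Model of how control/badmailfrom is consulted (illustration, not qmail code).
# Assumptions: one entry per line, '#' lines are comments, matching is
# case-insensitive, and only the SMTP daemon reads this file.

def load_badmailfrom(text):
    """Parse badmailfrom content into a set of lower-cased entries."""
    entries = set()
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            entries.add(line.lower())
    return entries

def smtp_sender_rejected(mail_from, entries):
    """True if the envelope sender matches a full-address or @domain entry."""
    addr = mail_from.strip().lower()
    if addr in entries:                 # exact sender, e.g. abuser@example.com
        return True
    at = addr.rfind("@")
    return at != -1 and addr[at:] in entries   # whole domain, e.g. @example.com

def delivery_blocked(mail_from, entries, via_smtp):
    """Local injection (sendmail wrapper, qmail-inject) never hits this check."""
    return via_smtp and smtp_sender_rejected(mail_from, entries)

# Constructed sample file contents.
PER_USER = "# block one sender only\nabuser@example.com\n"
WHOLE_DOMAIN = "@example.com\n"

if __name__ == "__main__":
    for name, content in (("per-user", PER_USER), ("whole-domain", WHOLE_DOMAIN)):
        entries = load_badmailfrom(content)
        for sender in ("abuser@example.com", "ian@example.com"):
            for via_smtp in (True, False):
                path = "SMTP" if via_smtp else "local inject"
                verdict = delivery_blocked(sender, entries, via_smtp)
                print(f"{name:12} {sender:20} {path:12} blocked={verdict}")
```

The local-inject rows always show `blocked=False`, which is why the question of who can run scripts or shells on the host matters more here than the badmailfrom contents.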