These kind of attacks are down to poor code and infrastructure. I would check that you do not have any cfmail blocks with dynamic to and from fields - if they do and your server allows relay mail then anyone could use your server to send email.
Do a grep on your code to are where and how you are using CFMAiL and get some defensive code in there pronto! "This e-mail is from Reed Exhibitions (Oriel House, 26 The Quadrant, Richmond, Surrey, TW9 1DL, United Kingdom), a division of Reed Business, Registered in England, Number 678540. It contains information which is confidential and may also be privileged. It is for the exclusive use of the intended recipient(s). If you are not the intended recipient(s) please note that any form of distribution, copying or use of this communication or the information in it is strictly prohibited and may be unlawful. If you have received this communication in error please return it to the sender or call our switchboard on +44 (0) 20 89107910. The opinions expressed within this communication are not necessarily those expressed by Reed Exhibitions." Visit our website at http://www.reedexpo.com -----Original Message----- From: Steve Nguyen <[EMAIL PROTECTED]> To: CF-Server <[email protected]> Sent: Wed Mar 15 17:01:07 2006 Subject: CFMAIL Abuse NOTE: Sorry, i had posted this earlier to the wrong forum =( We are experiencing a problem with a spammer using CFMAIL to send out spam. I don't know if it's a direct customer or someone using email injection on a customer's site. The mail logs only show when, who, where and what was emailed, but I need to figure out who's scripts are being run that is doing this. The CF logs don't help. Is there a way to find out who's abusing the cfmail tag? The only thing I can do is add filters on the mail server to prevent the email from going through, but the spammer just keeps changing his domain name and content. Any ideas on how to fight this? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Message: http://www.houseoffusion.com/lists.cfm/link=i:10:5863 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/10 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:10 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.10 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
