I figured as much that's why I cross-posted here from the postfix list :) I'm +1 on removing the default proxy stuff as well. If not then we should change it to be secure by default if that's possible.
Hopefully the person concerned found all the interest helpful? david ----- Original Message ----- From: "Joshua Slive" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Saturday, July 05, 2003 7:44 PM Subject: Re: Fw: Spam postings via Apache to postfix on the same host > > On Sat, 5 Jul 2003, David Reid wrote: > > > 203.98.177.86 - - [24/Jun/2003:12:33:27 +0200] "POST > > > http://xx.xx.xx.xx:25/ HTTP/1.1" 200 208 > > Yes, it's an apache configuration problem. They set "ProxyRequests On" > without properly securing their proxy server. This means they can be > abused for tons of purposes, one of which is spam. > > One possible thing we could do is simply remove the sample proxy config > from our default httpd.conf. These samples make it too easy for people to > activate a proxy without securing it properly. > > Joshua. >
