At 09:05 PM 8/13/03 -0500, you wrote:
Your web site probably has a form where people fill stuff out, and then that data gets emailed. The email gets accepted because you have that servers ip address in your "allow list". If that's the case, it's can be very simple for a spammer to use your form processor to send out his garbage.
Essentially, the spammer views the source of the form, and sees what cgi you'll be using to process the form data. If he sees a "setable" "to" in the form, then he has got you. Consider the following:
<form name="comments" action="cgi_bin/mycgi.pl" method="post"> <input type="text" name="from" value=""> <input type="text" name="comment" value=""> <input type="hidden" name="sendto" value="[EMAIL PROTECTED]"> <input type="submit" value="Send it"> </form>
All the spammer needs to do is to create his own form, on his server (even his home pc), that does the following:
<form name="comments" action="http://yourhost.com/cgi_bin/mycgi.pl"; method="post"> <input type="hidden" name="from" value="any address he wants"> <input type="hidden" name="comment" value="his complete spam message"> <input type="hidden" name="sendto" value="each of the people that he wants to spam"> <input type="submit" value="sendit"> </form>
He can write a script to automate the whole process and bingo, he's spamming thru your "relay for these addresses".
Understand?? If not, post your form data, including the "post" to the cgi, and I'll make a qwik script to show it working.
btw: The solution is to put the "to" variable inside the actual cgi where it cannot be overwritten or, add a var in your cgi that queries the senders IP address and reject for any not in your ip address list.
My explanation might be a bit confusing... if so, do a google search on "formmail exploits", you'll see how it works.
-pat-
> ----- Original Message ----- > From: "Chandni D" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Wednesday, August 13, 2003 10:41 AM > Subject: [IMail Forum] Mail being relayed despite 'Relay for IP Addresses' > > > > We had the 'Relay for IP Addresses' option on for IMAil, to enable us to > be > > able to send mails origination from the webbased forms on our websites. > The > > IP addresses specified was that of the web server where the sites are > > hosted. Lately we noticed a huge amount of relay happening through our > > IMail, and so we switched to the 'No Relay' . This has stopped the relay. > > But what remains unexplained is how was mail being relayed, if the option > > was 'Relay for IP Addresses' . Is there some loophole? Need some answers > > as, 'No Relay' cannot be a permanent solution for us. Nee to switch back > to > > a ''Relay for IP Addresses'', to enable the email traffic originating from > > our sites. > > > > Chandni
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
