Actually we have a lot of them on the same server. So the form could have been anywhere.
www.ciol.com
www.pcquest.com
www.dqindia.com
www.voicendata.com
www.dqchannelsindia.com
www.dqweek.com
www.biospectrumindia.com
www.computersathome.com
www.livingdigitalindia.com
www.cybernewservice.com
www.idcindia.com
www.globaloutsourcing.org
www.cioljobs.com
www.ciolshop.com
www.cmil.com


The most likely form is a 'recommend this site' form we have, which has 'to' and 'from' mail as variables, also with a 'comment' box. You won't find it now. Removed it.



At 10:07 AM 8/14/03 -0500, you wrote:
From: "B.H.\(pat\) Forbes" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Re: [IMail Forum] Mail being relayed despite 'Relay for IP Addresses'
Date: Thu, 14 Aug 2003 10:07:11 -0500


or... just send me the url of your website and I'll find it.

-pat-

----- Original Message -----
From: "Chandni D" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, August 14, 2003 7:46 AM
Subject: Re: [IMail Forum] Mail being relayed despite 'Relay for IP
Addresses'


> Makes a lot of sense. How does one confirm the same, and also, which form
> was being used?
>
> At 09:05 PM 8/13/03 -0500, you wrote:
> >Your web site probably has a form where people fill stuff out, and then that
> >data gets emailed. The email gets accepted because you have that server's IP
> >address in your "allow list". If that's the case, it can be very simple
> >for a spammer to use your form processor to send out his garbage.
> >
> >Essentially, the spammer views the source of the form, and sees what cgi
> >you'll be using to process the form data. If he sees a "settable" "to" in
> >the form, then he has got you. Consider the following:
> >
> ><form name="comments" action="cgi_bin/mycgi.pl" method="post">
> ><input type="text" name="from" value="">
> ><input type="text" name="comment" value="">
> ><input type="hidden" name="sendto" value="[EMAIL PROTECTED]">
> ><input type="submit" value="Send it">
> ></form>
> >
> >All the spammer needs to do is to create his own form, on his server (even
> >his home pc), that does the following:
> >
> ><form name="comments" action="http://yourhost.com/cgi_bin/mycgi.pl" method="post">
> ><input type="hidden" name="from" value="any address he wants">
> ><input type="hidden" name="comment" value="his complete spam message">
> ><input type="hidden" name="sendto" value="each of the people that he wants to spam">
> ><input type="submit" value="sendit">
> ></form>
> >
> >He can write a script to automate the whole process and bingo, he's spamming
> >thru your "relay for these addresses".
> >
> >Understand?? If not, post your form data, including the "post" to the cgi,
> >and I'll make a quick script to show it working.
> >
> >btw: The solution is to put the "to" variable inside the actual cgi where
> >it cannot be overwritten or, add a var in your cgi that queries the sender's
> >IP address and reject for any not in your IP address list.
> >
> >My explanation might be a bit confusing... if so, do a google search on
> >"formmail exploits", you'll see how it works.
> >
> >-pat-
> >
> > > ----- Original Message -----
> > > From: "Chandni D" <[EMAIL PROTECTED]>
> > > To: <[EMAIL PROTECTED]>
> > > Sent: Wednesday, August 13, 2003 10:41 AM
> > > Subject: [IMail Forum] Mail being relayed despite 'Relay for IP Addresses'
> > >
> > > > We had the 'Relay for IP Addresses' option on for IMail, to enable us to be
> > > > able to send mails originating from the web-based forms on our websites. The
> > > > IP address specified was that of the web server where the sites are
> > > > hosted. Lately we noticed a huge amount of relay happening through our
> > > > IMail, and so we switched to the 'No Relay'. This has stopped the relay.
> > > > But what remains unexplained is how was mail being relayed, if the option
> > > > was 'Relay for IP Addresses'. Is there some loophole? Need some answers
> > > > as 'No Relay' cannot be a permanent solution for us. Need to switch back to
> > > > 'Relay for IP Addresses', to enable the email traffic originating from
> > > > our sites.
> > > >
> > > > Chandni
> >
> >To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
> >List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> >Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/


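Added example, not part of the original thread and not code from any poster: a sketch of the fix described in the quoted reply, where the recipient lives inside the handler and the submitter's IP address is checked against a list. It goes one step further than the thread by also requiring the posted "from" to be a single plain address. The addresses, the network range and the names build_message, client_allowed and Rejected are assumptions made for the example.

```python
import ipaddress
import re
from email.message import EmailMessage

# All three values are assumptions for this example, not taken from the thread.
RECIPIENT = "feedback@example.com"   # fixed in code, never read from the POST
SENDER = "webform@example.com"
ALLOWED_NETS = [ipaddress.ip_network("203.0.113.0/24")]

# One plain address only: the class excludes CR, LF, commas and spaces, so a
# posted value cannot carry extra recipients or smuggle in header lines.
ADDRESS = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


class Rejected(Exception):
    """The submission must not be turned into mail."""


def client_allowed(remote_addr):
    try:
        ip = ipaddress.ip_address(remote_addr)
    except ValueError:
        return False
    return any(ip in net for net in ALLOWED_NETS)


def build_message(fields, remote_addr):
    """Turn one form POST (a dict of fields) into a message, or raise Rejected."""
    if not client_allowed(remote_addr):
        raise Rejected("client address not on the allow-list")
    reply_to = fields.get("from", "")
    if not ADDRESS.fullmatch(reply_to):
        raise Rejected("'from' is not a single e-mail address")
    comment = fields.get("comment", "")
    if not comment.strip() or len(comment) > 2000:
        raise Rejected("comment empty or too long")
    msg = EmailMessage()
    msg["From"] = SENDER
    msg["To"] = RECIPIENT            # a posted "sendto" is ignored on purpose
    msg["Reply-To"] = reply_to
    msg["Subject"] = "Web form comment"
    msg.set_content(comment)
    return msg


if __name__ == "__main__":
    # Constructed POST that tries to override the recipient.
    post = {"from": "visitor@example.org", "comment": "Nice site",
            "sendto": "victim@example.net"}
    print(build_message(post, "203.0.113.7")["To"])
```

The returned message would then be handed to the mail server by the handler; the relay setting on the mail server stays as it is, because the handler no longer lets the poster choose where mail goes.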