Hi Dave,

> there's a really common cgi script called formail.cgi/formail.pl that is
> routinely exploited to relay mail, that may be what they're checking for...
> (look in your error logs for an attempt at formail)

Yes I do run FormMail.pl but AFAIK it is a secure version and I have
tested it myself.

But THAT should be using the local sendmail binary to send mail and that
is what I see in my Postfix logs when someone uses it.

For instance in my SSL log
203.46.4.200 - - [24/Jan/2003:07:42:03 +1000] "POST /cgi-bin/FormMail.pl HTTP/1.1" 302 306 "https://www.zordah.net/payaccount.php" "Mozilla/5.0 (compatible; Konqueror/3; Linux)"

Nothing in my normal log where I am seeing the above messages.

and in my Postfix log
Jan 24 07:42:03 caramon postfix/pickup[2757]: 5DD3C341DD: uid=48 from=<apache>
Jan 24 07:42:03 caramon postfix/cleanup[6454]: 5DD3C341DD: message-id=<[EMAIL PROTECTED]>
Jan 24 07:42:03 caramon postfix/qmgr[18132]: 5DD3C341DD: from=<[EMAIL PROTECTED]>, size=759, nrcpt=1 (queue active)
Jan 24 07:42:03 caramon postfix/virtual[6470]: 5DD3C341DD: to=<[EMAIL PROTECTED]>, relay=virtual, delay=0, status=sent (maildir)

So no, that isn't it...

-- 
Regards,
+-----------------------------+---------------------------------+
| Peter Kiem            .^.   | E-Mail    : <[EMAIL PROTECTED]> |
| Zordah IT             /V\   | Mobile    : +61 0414 724 766    |
|   IT Consultancy &  /(   )\ | WWW       : www.zordah.net      |
|   Internet Hosting   ^^-^^  | ICQ       : "Zordah" 866661     |
+-----------------------------+---------------------------------+




-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list
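
Added example, not part of the original message: a Python version of the cross-check described above, pairing POSTs to FormMail.pl in the Apache log with postfix/pickup submissions by uid 48 and listing pickups that have no nearby POST. The function names, the 5-second window, the shared local timezone and year, and the sample lines (constructed, modelled on the excerpts in the message) are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines, modelled on the excerpts quoted in the message.
APACHE_LOG = [
    '192.0.2.10 - - [24/Jan/2003:07:42:03 +1000] "POST /cgi-bin/FormMail.pl HTTP/1.1" 302 306 "-" "Mozilla/5.0"',
    '192.0.2.11 - - [24/Jan/2003:07:50:10 +1000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]
POSTFIX_LOG = [
    'Jan 24 07:42:03 caramon postfix/pickup[2757]: 5DD3C341DD: uid=48 from=<apache>',
    'Jan 24 07:42:03 caramon postfix/qmgr[18132]: 5DD3C341DD: from=<apache@example.net>, size=759, nrcpt=1 (queue active)',
    'Jan 24 09:15:40 caramon postfix/pickup[2757]: 7AA1B2C3D4: uid=48 from=<apache>',  # constructed: no POST nearby
]

POST_RE = re.compile(r'\[([^\]]+)\] "POST \S*/FormMail\.pl[ ?]')
PICKUP_RE = re.compile(r'^(\w{3} +\d+ [\d:]{8}) \S+ postfix/pickup\[\d+\]: (\w+): uid=(\d+) ')

def formmail_posts(lines):
    """Wall-clock times of POSTs to FormMail.pl in Apache combined-format lines."""
    times = []
    for line in lines:
        m = POST_RE.search(line)
        if m:
            ts = datetime.strptime(m.group(1), "%d/%b/%Y:%H:%M:%S %z")
            times.append(ts.replace(tzinfo=None))  # assumption: same local zone as syslog
    return times

def pickups(lines, uid, year):
    """(time, queue_id) for local submissions by uid; syslog lines carry no year."""
    out = []
    for line in lines:
        m = PICKUP_RE.match(line)
        if m and int(m.group(3)) == uid:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            out.append((ts, m.group(2)))
    return out

def correlate(apache, postfix, uid=48, year=2003, window=5):
    """Split uid's queue IDs into those near a FormMail POST and those with none."""
    posts = formmail_posts(apache)
    slack = timedelta(seconds=window)
    matched, unexplained = [], []
    for ts, qid in pickups(postfix, uid, year):
        near = any(abs(ts - p) <= slack for p in posts)
        (matched if near else unexplained).append(qid)
    return matched, unexplained

if __name__ == "__main__":
    print(correlate(APACHE_LOG, POSTFIX_LOG))
```

Queue IDs in the second list are mail handed to Postfix by the web server's uid with no FormMail.pl POST in the Apache log around that time, so they are the ones to trace to another script or log file.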