Hi Lisa,

There is, I think, nothing special about FormMail.pl and this exploit. Any request to send mail made from the local machine is not relaying. The request to send mail comes in via http. The request sendmail receives is from the owner of the cgi script (local), which may or may not be the webserver.

Kai

On Wed, Feb 20, 2002 at 04:09:17PM -0700, Lisa Bogar wrote:
>
> Someone on campus called me yesterday inquiring about how to stop relaying
> through sendmail. He thought he had configured his sendmail.cf to not
> allow relaying, but then got notified he was relaying mail. Today after
> some searching he found some information about FormMail.pl where it can be
> used to cause your webserver to relay mail. He found his information from
> www.8wire.com. Is anyone else familiar with this and have you encountered
> it? The logs show attacks targeted at the cgi-bin that sent out tons of
> porno spam.
>
> Just trying to find out more information and I am surprised if it is
> indeed happening why I haven't seen anything on CERT or bugtraq.
>
> TIA
> Lisa
>
> **************************************
> * Lisa L. Bogar                      *
> * Montana State University-Bozeman   *
> * Information Technology Center      *
> * Bozeman, MT 59717-3240             *
> *                                    *
> * Phone: (406) 994-7887              *
> * FAX: (406) 994-4600                *
> * email: [EMAIL PROTECTED]           *
> **************************************
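Added example, not part of the thread or written by either poster: because sendmail sees these messages as local submissions, the abuse shows up in the web server's access log rather than in relay rejections, so this sketch scans an access log for requests to the script. The log lines, the campus.example domain and the function name scan are constructed for illustration; recipient is FormMail's form field for the destination address, which the thread itself does not mention.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache combined log format (not from the thread).
SAMPLE_LOG = """\
192.0.2.10 - - [20/Feb/2002:10:01:02 -0700] "GET /cgi-bin/FormMail.pl?recipient=webmaster@campus.example&subject=hi HTTP/1.0" 200 512 "http://www.campus.example/contact.html" "Mozilla/4.0"
198.51.100.7 - - [20/Feb/2002:10:05:11 -0700] "GET /cgi-bin/formmail.pl?recipient=a@elsewhere.example,b@other.example&subject=x HTTP/1.0" 200 498 "-" "-"
198.51.100.7 - - [20/Feb/2002:10:05:12 -0700] "POST /cgi-bin/FormMail.pl HTTP/1.0" 200 498 "-" "-"
192.0.2.10 - - [20/Feb/2002:10:06:00 -0700] "GET /index.html HTTP/1.0" 200 1024 "-" "Mozilla/4.0"
"""

LOCAL_DOMAINS = {"campus.example"}  # assumption: domains the form may mail to
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)"')
SCRIPT_RE = re.compile(r'/formmail(\.pl|\.cgi)?$', re.IGNORECASE)

def scan(log_text, local_domains=LOCAL_DOMAINS):
    """Return (findings, hits_per_client) for requests to a FormMail script."""
    findings, hits = [], Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, method, target, _status, referer = m.groups()
        url = urlsplit(target)
        if not SCRIPT_RE.search(url.path):
            continue
        hits[client] += 1
        reasons = []
        # Only GET requests expose form fields; POST bodies are not logged.
        for value in parse_qs(url.query).get("recipient", []):
            for addr in value.split(","):
                domain = addr.rpartition("@")[2].strip().lower()
                if domain not in local_domains:
                    reasons.append(f"external recipient domain {domain}")
        if referer in ("-", ""):
            reasons.append("no Referer")  # request did not come from a site page
        if reasons:
            findings.append((client, method, reasons))
    return findings, hits

if __name__ == "__main__":
    found, per_client = scan(SAMPLE_LOG)
    for client, method, reasons in found:
        print(client, method, "; ".join(reasons), f"(hits: {per_client[client]})")
```

POST requests carry the form fields in the body, so for those the per-client hit count and the missing Referer are the only signals an access log offers.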
