On Wednesday 20 February 2002 05:09 pm, Lisa Bogar wrote:
> Someone on campus called me yesterday inquiring about how to stop relaying
> through sendmail. He thought he had configured his sendmail.cf to not
> allow relaying, but then got notified he was relaying mail. Today after
> some searching he found some information about FormMail.pl where it can be
> used to cause your webserver to relay mail. He found his information from
> www.8wire.com. Is anyone else familar with this and have you encountered
> it? The logs show attacks targeted at the cgi-bin that sent out tons of
> porno spam.
>
> Just trying to find out more information and I am surprised if it is
> indeed happening why I haven't seen anything on CERT or bugtraq.
>
> TIA
> Lisa
>
> **************************************
> * Lisa L. Bogar *
> * Montana State University-Bozeman *
> * Information Technology Center *
> * Bozeman, MT 59717-3240 *
> * *
> * Phone: (406) 994-7887 *
> * FAX: (406) 994-4600 *
> * email: [EMAIL PROTECTED] *
> **************************************
sendmail will (almost) always be configured to relay mail from the local
machine, when the formmail bug is exploited it would be sent out from the
local machine, or something. You should really just upgrade formmail.
