| |
| |
| |
|
Comments:
<0> got a question for you guys
<0> lets say apache gets owned and some attacker was able to pop a reverse shell (byp***ing firewall) with uid apache.www
<0> and then they ran some nice little script, something like...
<0> while :; do while read addy;do mail -s "Buy my V14Gr4!" -r "SpamRus <blah@spammer.com>" "$addy"; done < "/email_addys"; done
<0> is there anyway i can differentiate that from legit mail that would be queued up by some box on my LAN?
<1> the queue files would have blah@spammer.com and "Buy my V14Gr4!" and such in them
<0> hmm, well that could be the answer right there, there are only a few email addresses i want in the MAIL FROM
<0> how do i set up a whitelist for those
<0> and drop all others
<1> you want to whitelist outbound senders?
<0> ya
<0> exactly
<1> i guess that's where the check_mail ruleset comes in
<2> shlongs
<3> hello there
<3> i've got an old apache server thats running sendmail, and has a few cgi's that know how to send mail out
<3> problem is, one of them is ****ed up somehow, and spam gets send through it
<3> but i cant put my hand on which script is faulted!
<3> is there any way i can get sendmail to log it's parent pid?
<4> search for the file formmail.pl
<3> i have :)
<5> boa tarde!
<6> Hi Trengo
<5> hey sub :)
Return to
#sendmail
or
Go to some related
logs:
#politics
9argoo3a
#slackware
#windows
xxxpassworld juped
#computers
WXPVOL_EN.iso download
keiranightly
#politics
#worldcup
|
|