
<SiegeX> got a question for you guys
<SiegeX> let's say apache gets owned and some attacker was able to pop a reverse shell (bypassing firewall) with uid apache.www
<SiegeX> and then they ran some nice little script, something like...

<SiegeX> while :; do while read addy;do mail -s "Buy my V14Gr4!" -r "SpamRus <>" "$addy"; done < "/email_addys"; done
<SiegeX> is there any way i can differentiate that from legit mail that would be queued up by some box on my LAN?
<msk> the queue files would have "Buy my V14Gr4!" and such in them
<SiegeX> hmm, well that could be the answer right there, there are only a few email addresses i want in the MAIL FROM
<SiegeX> how do i set up a whitelist for those
<SiegeX> and drop all others
<msk> you want to whitelist outbound senders?
<SiegeX> ya
<SiegeX> exactly
<msk> i guess that's where the check_mail ruleset comes in
<nocarrier> shlongs

<dweller> hello there
<dweller> i've got an old apache server that's running sendmail, and has a few CGIs that know how to send mail out
<dweller> problem is, one of them is ****ed up somehow, and spam gets sent through it
<dweller> but i can't put my finger on which script is at fault!
<dweller> is there any way i can get sendmail to log its parent pid?
<lwh> search for the file
<dweller> i have :)
<Trengo> good afternoon!
<sub> Hi Trengo
<Trengo> hey sub :)