Comments:
<SiegeX> got a question for you guys
<SiegeX> let's say apache gets owned and some attacker was able to pop a reverse shell (bypassing firewall) with uid apache.www
<SiegeX> and then they ran some nice little script, something like...



<SiegeX> while :; do while read addy;do mail -s "Buy my V14Gr4!" -r "SpamRus <blah@spammer.com>" "$addy"; done < "/email_addys"; done
<SiegeX> is there any way i can differentiate that from legit mail that would be queued up by some box on my LAN?
<msk> the queue files would have blah@spammer.com and "Buy my V14Gr4!" and such in them
<SiegeX> hmm, well that could be the answer right there, there are only a few email addresses i want in the MAIL FROM
<SiegeX> how do i set up a whitelist for those
<SiegeX> and drop all others
<msk> you want to whitelist outbound senders?
<SiegeX> ya
<SiegeX> exactly
<msk> i guess that's where the check_mail ruleset comes in
<nocarrier> shlongs



<dweller> hello there
<dweller> i've got an old apache server that's running sendmail, and has a few cgi's that know how to send mail out
<dweller> problem is, one of them is ****ed up somehow, and spam gets sent through it
<dweller> but i can't put my hand on which script is faulted!
<dweller> is there any way i can get sendmail to log its parent pid?
<lwh> search for the file formmail.pl
<dweller> i have :)
<Trengo> good afternoon!
<sub> Hi Trengo
<Trengo> hey sub :)

