[ic] Mail forms under attack!!
kevin at cursor.biz
Wed Jan 18 20:44:37 EST 2006
maillists <lists at gmnet.net> wrote:
> Thanks for your reply! The spam is targeted at OTHERS!! (makes me really
> upset!) My sendmail/Mailscanner is not a relay. Only localhost (apache)
> can send mail.
> I realize that this might not really be an Interchange thing, so I have
> posted for help on other lists as well. I'm not even sure that it is a
> problem with the mail forms, but I want to tighten them up as much as
> I am using Redhat Linux, IC5.4, Mailscanner, and Sendmail. This is a new
> line item in my daily Logwatch that just started to appear:
> Authentication warnings:
> apache set sender to info at gmnet.net using -f: 7 Times(s)
> (info at gmnet.net is a real user on my sys.)
> Any help would be really appreciated. Until then, I am keeping a close
> eye on my mqueue and even shutting down sendmail when needed...
> Sorry if any of you are getting spam from this... Yesterday I got over
> 23,000 undeliverables in my inbox...
Spam could be sent from your form if you don't sanitise your input
CGI variables prior to passing them to the [email] tag. For instance,
if a variable has an embedded CR character then that could be used to
provide extra email headers, such as CC or BCC.
In a previous article in this thread, Dan Bergan quoted a link to an
article posted by Mike Heins in April 2005 that strips the "email"
and "name" incoming CGI variables at a CR or LF.
Interchange 5.4 provides a "oneline" filter, which you can use to
auto-sanitise your CGIs by adding the following lines to your
    Filter email oneline
    Filter subject oneline
Whichever method you select, you should make sure that you filter
all of the incoming CGIs that could possibly influence the [email]
Kevin Walsh
kevin at cursor.biz
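The header injection and the truncate-at-CR/LF fix described in the message above, as an added example that is not part of the original post and is not Interchange code. It is written in Python; the function names, the form fields and the addresses are constructed for illustration, and the `oneline` function assumes the filter keeps only the text before the first CR or LF.

```python
import re
from email import message_from_string

# Constructed sample form submission: the subject value carries an
# embedded CR/LF followed by an extra header line.
FORM = {
    "email": "visitor@example.com",
    "subject": "Question about my order\r\nBcc: a@example.net, b@example.net",
}


def oneline(value):
    """Keep only the text before the first CR or LF (assumed filter behaviour)."""
    return re.split(r"[\r\n]", value, maxsplit=1)[0]


def suspicious_fields(form):
    """Detection side: names of fields that contain a CR or LF as submitted."""
    return sorted(k for k, v in form.items() if re.search(r"[\r\n]", v))


def build_message(form, sanitise):
    """Mimic a mail form that pastes CGI values into a header template."""
    clean = {k: (oneline(v) if sanitise else v) for k, v in form.items()}
    return (
        "To: info@example.com\n"
        f"Reply-To: {clean['email']}\n"
        f"Subject: {clean['subject']}\n"
        "\n"
        "Form body text\n"
    )


def header_names(raw):
    """Header names as a program reading the headers from the text sees them."""
    return [name for name, _ in message_from_string(raw).items()]


if __name__ == "__main__":
    print("fields with CR/LF:", suspicious_fields(FORM))
    print("unfiltered headers:", header_names(build_message(FORM, sanitise=False)))
    print("filtered headers:  ", header_names(build_message(FORM, sanitise=True)))
```

Logging the output of `suspicious_fields` before filtering gives a record of injection attempts that the filter would otherwise silently discard.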