[ic] Mail forms under attack!!
Kevin Walsh
kevin at cursor.biz
Wed Jan 18 20:44:37 EST 2006
maillists <lists at gmnet.net> wrote:
> Thanks for your reply! The spam is targeted at OTHERS!! (makes me really
> upset!) My sendmail/Mailscanner is not a relay. Only localhost (apache)
> can send mail.
>
> I realize that this might not really be an Interchange thing, so I have
> posted for help on other lists as well. I'm not even sure that it is a
> problem with the mail forms, but I want to tighten them up as much as
> possible.
>
> I am using Redhat Linux, IC5.4, Mailscanner, and Sendmail. This is a new
> line item in my daily Logwatch that just started to appear:
>
> <snip>
> Authentication warnings:
> apache set sender to info at gmnet.net using -f: 7 Times(s)
> </snip>
> (info at gmnet.net is a real user on my sys.)
>
> Any help would be really appreciated. Until then, I am keeping a close
> eye on my mqueue and even shutting down sendmail when needed...
>
> Sorry if any of you are getting spam from this... Yesterday I got over
> 23,000 undeliverables in my inbox...
>
Spam could be sent from your form if you don't sanitise your input
CGI variables prior to passing them to the [email] tag. For instance,
if a variable has an embedded CR character then that could be used to
provide extra email headers, such as CC or BCC.
In a previous article in this thread, Dan Bergan quoted a link to an
article posted by Mike Heins in April 2005 that strips the "email"
and "name" incoming CGI variables at a CR or LF.
Interchange 5.4 provides a "oneline" filter, which you can use to
auto-sanitise your CGIs by adding the following lines to your
catalog.cfg file:
Filter email oneline
Filter subject oneline
Whichever method you select, you should make sure that you filter
all of the incoming CGIs that could possibly influence the [email]
header creation.
Good luck.
--
Kevin Walsh
kevin at cursor.biz
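As an added illustration of the point in Kevin's reply (not code from the reply or from Interchange itself), the snippet below shows how a CR/LF inside a header-bound form field becomes an extra header line, and how a "oneline"-style filter plus a simple detector neutralises and logs it. The field names, the catalog address and the sample submission are constructed for the example, and the `oneline` behaviour is an assumed approximation of the Interchange filter.

```python
import re

# Form fields that end up in the message header; each must stay on one line.
HEADER_FIELDS = ("name", "email", "subject")

_LINE_BREAK = re.compile(r"\r\n|\r|\n")


def oneline(value: str) -> str:
    """Collapse a value onto one line: every CR/LF run becomes a single space
    (assumed approximation of what Interchange's 'oneline' filter does)."""
    return _LINE_BREAK.sub(" ", value).strip()


def find_injected_fields(form: dict) -> list:
    """Names of header-bound fields carrying a CR or LF: worth logging as an
    injection attempt even when the value is sanitised afterwards."""
    return [f for f in HEADER_FIELDS if _LINE_BREAK.search(form.get(f, ""))]


def render_headers(form: dict, sanitise: bool) -> list:
    """Return the header block as 'Name: value' lines.  With sanitise=False a
    CR/LF inside a field smuggles in extra header lines; with sanitise=True
    every field is forced onto one line first."""
    pick = oneline if sanitise else (lambda v: v)
    raw = "\r\n".join([
        f"From: {pick(form['name'])} <{pick(form['email'])}>",
        "To: info@catalog.example",  # constructed catalog address
        f"Subject: {pick(form['subject'])}",
    ])
    return raw.split("\r\n")


def header_names(lines: list) -> list:
    """Header field names actually present, as the MTA would see them."""
    return [ln.split(":", 1)[0] for ln in lines if ":" in ln]


# Constructed sample submission: the email field carries a CRLF that would
# otherwise become an extra Bcc: header (the CC/BCC case described above).
SAMPLE = {
    "name": "Jane Customer",
    "email": "jane@example.net\r\nBcc: relay-target@example.org",
    "subject": "Order question",
}

if __name__ == "__main__":
    print("suspect fields:", find_injected_fields(SAMPLE))
    print("unsanitised:", header_names(render_headers(SAMPLE, sanitise=False)))
    print("sanitised:  ", header_names(render_headers(SAMPLE, sanitise=True)))
```

Logging the result of `find_injected_fields` gives an early signal of abuse, long before "set sender ... using -f" warnings or bounce floods show up in Logwatch.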