[ic] Mail forms under attack!!

Kevin Walsh kevin at cursor.biz
Wed Jan 18 20:44:37 EST 2006

maillists <lists at gmnet.net> wrote:
> Thanks for your reply! The spam is targeted at OTHERS!! (makes me really
> upset!) My sendmail/Mailscanner is not a relay. Only localhost (apache)
> can send mail. 
> I realize that this might not really be an Interchange thing, so I have
> posted for help on other lists as well. I'm not even sure that it is a
> problem with the mail forms, but I want to tighten them up as much as
> possible. 
> I am using Redhat Linux, IC5.4, Mailscanner, and Sendmail. This is a new
> line item in my daily Logwatch that just started to appear:
> <snip>
> Authentication warnings:
>     apache set sender to info at gmnet.net using -f: 7 Times(s)
> </snip>
> (info at gmnet.net is a real user on my sys.)
> Any help would be really appreciated. Until then, I am keeping a close
> eye on my mqueue and even shutting down sendmail when needed...
> Sorry if any of you are getting spam from this... Yesterday I got over
> 23,000 undeliverables in my inbox...
Spam could be sent from your form if you don't sanitise your input
CGI variables prior to passing them to the [email] tag.  For instance,
if a variable has an embedded CR character then that could be used to
provide extra email headers, such as CC or BCC.

In a previous article in this thread, Dan Bergan quoted a link to an
article posted by Mike Heins in April 2005 that strips the "email"
and "name" incoming CGI variables at a CR or LF.

Interchange 5.4 provides a "oneline" filter, which you can use to
auto-sanitise your CGIs by adding the following lines to your
catalog.cfg file:

    Filter  email    oneline
    Filter  subject  oneline

Whichever method you select, you should make sure that you filter
all of the incoming CGIs that could possibly influence the [email]
header creation.

Good luck.

   _/   _/  _/_/_/_/  _/    _/  _/_/_/  _/    _/
  _/_/_/   _/_/      _/    _/    _/    _/_/  _/   K e v i n   W a l s h
 _/ _/    _/          _/ _/     _/    _/  _/_/    kevin at cursor.biz
_/   _/  _/_/_/_/      _/    _/_/_/  _/    _/

More information about the interchange-users mailing list