RE: [fw-wiz] sendmail spamming

From: Behm, Jeffrey L. (BehmJL_at_bvsg.com)
Date: 05/29/03

    To: "'Robert E. Martin'" <rmartin@fishburne.org>, firewall-wizards@honor.icsalabs.com
    Date: Thu, 29 May 2003 10:39:12 -0500
    

    Morality? Is that old thing still around? ;-)

    If I understand your question correctly, the gain is that the real spammer
    is using your web server to generate SPAM and making it look as if your web
    server is the real spammer (The real spammer has little risk in being
    labeled a "SPAMMER" from the Internet-at-large). It's just a way for a real
    spammer to cover his/her tracks and cause your site grief, because *you* now
    are at risk of being labeled a "SPAM-generating" site. To the recipient of
    such spam, the "from" address is legitimately from your web server. However,
    the exploit isn't really your email server, it's the web server <I hope
    you're not gonna say you have a web server on the *same* system as your
    email gateway :-( >. The web server legitimately uses the email gateway to
    send emails out to the internet, but the web server has been exploited to
    allow the intruder to send out emails which are tracked back to "coming from
    the web server."

    Hope this helps, and that I understood your question correctly.
    Jeff

    > -----Original Message-----
    > From: Robert E. Martin [mailto:rmartin@fishburne.org]
    > Sent: Thursday, May 29, 2003 8:31 AM
    > To: firewall-wizards@honor.icsalabs.com
    > Subject: [fw-wiz] sendmail spamming
    >
    >
    > Just a morality question for you guys.
    > I have just finished locking up an exploit in our email server. This
    > spawned from a formmail script left on our web server I neglected to
    > delete.
    > I noticed CPU activity spikes on the email server and found that our web
    > server was spamming our email server due to the classic formmail exploit.
    > My question is this. What is the motivation behind such an exploit? What
    > is there to gain from this other than job security for a person like me?
    > This kind of action makes no sense to me.
    >
    > --
    > Robert E Martin
    > IT Manager
    > Fishburne Military School
    > rmartin@fishburne.org
    > 540.946.7726
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
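
Added example, not part of the original thread or written by either poster: one way to spot the situation discussed above, where a web server is pushing bulk mail through the mail gateway, by tallying accepted messages and recipients per relay from sendmail "from=" log lines. The host names, addresses, sample log lines and the recipient threshold are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sendmail-style log lines; hosts and addresses are made up.
SAMPLE_LOG = """\
May 29 08:30:01 mailgw sendmail[2101]: h4TDU1x2002101: from=<nobody@www.example.org>, size=2048, class=0, nrcpts=25, msgid=<1@www.example.org>, proto=ESMTP, daemon=MTA, relay=www.example.org [192.0.2.10]
May 29 08:30:02 mailgw sendmail[2102]: h4TDU1x2002101: to=<a@example.net>, delay=00:00:01, mailer=esmtp, relay=mx.example.net. [198.51.100.5], dsn=2.0.0, stat=Sent
May 29 08:30:04 mailgw sendmail[2103]: h4TDU4x2002103: from=<nobody@www.example.org>, size=2051, class=0, nrcpts=30, msgid=<2@www.example.org>, proto=ESMTP, daemon=MTA, relay=www.example.org [192.0.2.10]
May 29 08:30:09 mailgw sendmail[2104]: h4TDU9x2002104: from=<staff@example.org>, size=900, class=0, nrcpts=1, msgid=<3@pc7.example.org>, proto=ESMTP, daemon=MTA, relay=pc7.example.org [192.0.2.57]
May 29 08:30:11 mailgw sendmail[2105]: h4TDUBx2002105: from=<nobody@www.example.org>, size=2049, class=0, nrcpts=40, msgid=<4@www.example.org>, proto=ESMTP, daemon=MTA, relay=www.example.org [192.0.2.10]
May 29 08:31:00 mailgw sendmail[2106]: h4TDV0x2002106: from=<staff@example.org>, size=1200, class=0, nrcpts=2, msgid=<5@pc7.example.org>, proto=ESMTP, daemon=MTA, relay=pc7.example.org [192.0.2.57]
"""

# Matches only the line logged when the gateway accepts a message ("from=").
FROM_LINE = re.compile(
    r"sendmail\[\d+\]: (?P<qid>\w+): from=[^,]*, .*?"
    r"nrcpts=(?P<nrcpts>\d+),.*?relay=(?P<relay>.+)$"
)


def tally_by_relay(log_text):
    """Return {relay: {"messages": n, "recipients": n}} for accepted messages."""
    stats = defaultdict(lambda: {"messages": 0, "recipients": 0})
    for line in log_text.splitlines():
        m = FROM_LINE.search(line)
        if not m:
            continue  # "to=" delivery lines and other daemons are skipped
        entry = stats[m.group("relay").strip()]
        entry["messages"] += 1
        entry["recipients"] += int(m.group("nrcpts"))
    return dict(stats)


def flag_relays(stats, max_recipients=20):
    """Relays whose total recipients in the log exceed the (assumed) threshold."""
    hits = [(r, s) for r, s in stats.items() if s["recipients"] > max_recipients]
    return sorted(hits, key=lambda rs: rs[1]["recipients"], reverse=True)


if __name__ == "__main__":
    for relay, s in flag_relays(tally_by_relay(SAMPLE_LOG)):
        print(f"{relay}: {s['messages']} messages, {s['recipients']} recipients")
```

A sensible threshold depends on how much mail the web server legitimately submits; a form handler that normally mails one fixed address should show nrcpts=1 per message.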

