RE: spamming via formail.pl
From: Moeller, Arno (am@bogs.de)
Date: 09/26/01
Message-ID: <805176E0B926D5119CEC0080C894243708F612@yes.bogs.mit>
From: "Moeller, Arno" <am@bogs.de>
To: "'focus-linux@securityfocus.com'" <focus-linux@securityfocus.com>
Subject: RE: spamming via formail.pl
Date: Wed, 26 Sep 2001 13:06:31 +0200

Hi,
> Yes, you could use the referer header to see if they're 'legit' but
> we all know that's forgeable too. What you should do is hard code the
> addr to which the mail goes in the formail.pl script, rather than
> having it rely on form data. That way the worst the spammers can do
> is target that one email address.
I'm totally aware of all that, but we're dealing with spammers here. And
I like to think of spammers being lazy. When one method doesn't work
anymore they tend to move on to the next formmail-script/open relay,
instead of trying to defeat the measures being taken to prevent spamming.
I also know that this is a dangerous assumption, but for now denying GET
cut down spam from formmail-scripts to zero. Of course, I'm monitoring
my log-files closely, and at any signs of further spamming I'll take
appropriate actions, e.g. hard-code the recipient into the formmail script.
But for now, in consideration of the fact that there's no spamming going
on for now, it's the best solution for all: The customers aren't bothered
with spam, and the spammers can't spam.
Best regards,
Arno Moeller
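
The log monitoring described in the message above can be scripted. The following is an added example, not part of the original post or of any formmail script: it scans access-log lines for GET requests to the form-mail script (denied or still served) and for clients sending many successful POSTs. The script-name pattern, the `recipient` field name, the threshold and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Common Log Format prefix: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) ')
# Assumed script names (formail/formmail, .pl/.cgi); adjust to what is deployed.
SCRIPT_RE = re.compile(r'/form?mail(\.pl|\.cgi)?$', re.IGNORECASE)
POST_THRESHOLD = 3  # assumed: successful POSTs per client worth a closer look

def scan(lines, post_threshold=POST_THRESHOLD):
    """Return GETs to the script (served vs. denied) and POST-heavy clients."""
    report = {"get_served": [], "get_denied": [], "post_heavy": {}}
    posts = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if not SCRIPT_RE.search(url.path):
            continue
        if m["method"] == "GET":
            # A recipient in the query string means form data picks the address.
            rcpt = parse_qs(url.query).get("recipient", [None])[0]
            key = "get_served" if m["status"].startswith("2") else "get_denied"
            report[key].append((m["ip"], rcpt))
        elif m["method"] == "POST" and m["status"].startswith("2"):
            posts[m["ip"]] += 1
    report["post_heavy"] = {ip: n for ip, n in posts.items() if n >= post_threshold}
    return report

# Constructed sample log lines (documentation addresses, not real traffic).
TS = "[26/Sep/2001:12:01:07 +0200]"
SAMPLE_LOG = [
    f'192.0.2.10 - - {TS} "GET /cgi-bin/formmail.pl?recipient=a%40example.net&subject=hi HTTP/1.0" 403 289',
    f'192.0.2.10 - - {TS} "GET /cgi-bin/formmail.pl?recipient=b%40example.net HTTP/1.0" 200 512',
    f'198.51.100.7 - - {TS} "POST /cgi-bin/formmail.pl HTTP/1.0" 200 512',
    f'198.51.100.7 - - {TS} "POST /cgi-bin/formmail.pl HTTP/1.0" 200 512',
    f'198.51.100.7 - - {TS} "POST /cgi-bin/formmail.pl HTTP/1.0" 200 512',
    f'203.0.113.5 - - {TS} "POST /cgi-bin/formmail.pl HTTP/1.0" 200 512',
    f'203.0.113.5 - - {TS} "GET /index.html HTTP/1.0" 200 1043',
]

if __name__ == "__main__":
    for section, hits in scan(SAMPLE_LOG).items():
        print(section, hits)
```

An entry under `get_served` means the GET restriction is not in effect for that path, and entries under `post_heavy` are the sign that submissions have moved to POST, the point at which hard-coding the recipient becomes the remaining control.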