Firewall Wizards mailing list archives

RE: sendmail spamming

From: "Behm, Jeffrey L." <BehmJL () bvsg com>
Date: Thu, 29 May 2003 10:39:12 -0500

Morality? Is that old thing still around? ;-)

If I understand your question correctly, the gain is that the real spammer
is using your web server to generate SPAM and making it look as if your web
server is the real spammer (The real spammer has little risk in being
labeled a "SPAMMER" from the Internet-at-large). It's just a way for a real
spammer to cover his/her tracks and cause your site grief, because *you* now
are at risk of being labeled a "SPAM-generating" site. To the recipient of
such spam, the "from" address is legitimately from your web server. However,
the exploit isn't really your email server, it's the web server <I hope
you're not gonna say you have a web server on the *same* system as your
email gateway :-(  >. The web server legitimately uses the email gateway to
send emails out to the internet, but the web server has been exploited to
allow the intruder to send out emails which are tracked back to "coming from
the web server."

Hope this helps, and that I understood your question correctly.
Jeff

-----Original Message-----
From: Robert E. Martin [mailto:rmartin () fishburne org] 
Sent: Thursday, May 29, 2003 8:31 AM
To: firewall-wizards () honor icsalabs com
Subject: [fw-wiz] sendmail spamming

Just a moraltiy question for you guys.
I have just finished locking up and exploit in our email server. This 
spawned from a formmail script left on our web server I neglected to 
delete.
I noticed CPU activity spikes on the email server and found 
that our web 
server was spamming our email server due to the classic 
formmail exploit.
My question is this. What is the motivation behind such an 
expliot? What 
is there to gain from this other than job security for a 
person like me? 
This kind of action makes no sense to me.

-- 
Robert E Martin
IT Manager
Fishburne Military School
rmartin () fishburne org
540.946.7726

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

sendmail spamming Robert E. Martin (May 29)
- Re: sendmail spamming R. DuFresne (May 29)
- Re: sendmail spamming Chuck Swiger (May 29)
- <Possible follow-ups>
- RE: sendmail spamming Behm, Jeffrey L. (May 29)
  - Re: sendmail spamming Robert E. Martin (May 29)
  - RE: sendmail spamming Jim Seymour (May 30)
- RE: sendmail spamming Behm, Jeffrey L. (May 29)
- Re: sendmail spamming Don Jones (May 30)