Re: formmail

["Jay D. Dyson" <jdyson () treachery net>]

-----BEGIN PGP SIGNED MESSAGE-----

On 1 Sep 2001, Soeren Ziehe wrote: 

> There was an attempt to use a formmail perl script installed on our
> server from a non-local address. 
<snip>
> IF you've stayed with me until here. Has anyone seen the same access  
> attempts patterns/tool signatures?

        Sure have.  Sadly, many were successful at one agency I advise.
Seems that spammers have tired of simply looking for open relays and are
now looking for other avenues by which they can abuse third-party mail
systems and thus overcome the now-defunct ORBS and now-pay-for-use RBL.

        It's long since been at the point where it's inadvisable to run
a web-to-mail gateway unless you've got your script configured to allow
only specific recipients.  Anything less is just leaving your system open
for abuse by the lowest form of net.scum.

- -Jay

  (    (                                                          _______
  ))   ))   .--"There's always time for a good cup of coffee"--.   >====<--.
C|~~|C|~~| (>------ Jay D. Dyson -- jdyson () treachery net ------<) |    = |-'
 `--' `--'  `--- Failure is never as devastating as regret. ---'  `------'

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: See http://www.treachery.net/~jdyson/ for current keys.

iQCVAwUBO5Hw/blDRyqRQ2a9AQEFmgP/cX+EpzliO8yKX6hllBtsxXXgz7oW6Iup
jRIcQIla5BidXB4EDwirFy79tVW9pZLNNoAKjDJ1mVuOVLDfeyWWjSvoF2pWQ9jO
FttJIcgh5MYjvii7aMrpt3gOUi9xGDLByhirwEBpwL6I+mbueeL+PCy+WEusf4jM
y5utnqxaduM=
=mQ8H
-----END PGP SIGNATURE-----


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com