[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: spam on CIS: sendmail exploit used commercially ?
On Tue, 26 Aug 1997, Peter wrote:
>
> I don't know what kind of script would fool sendmail into accepting such
> a flagrant spoofing but I want to know it just in case it happens to me.
>
> I did look up (and find) the IP of the sender in the headers. Not that it
> helped me much. What I don't get is how do you send email to SMTP and get
> the From: header to show To: when you *HAVE* to use the MAIL FROM:<..>
> SMTP command ?!
how about something like this:
/usr/sbin/sendmail -t
From: spammer@spam.org
To: spammer@spam.org
Bcc: spamlist@site.com, plp@actcom.co.il
Subject: somethng
^D
this would result with something you describe, and I guess it's not the
only way to do it, millions of possiblity, but why bother.
>
> BTW, some people still run sendmail and are happy with it. On Linux. In
> Israel. And that's a topic for the Israeli linux group imho. Correct me
> if I'm wrong, please.
sendmail does the job, I dunno about qmail, but I would agree that
sendmail cryptic configuration does sucks and could be worked on.
but as I said it does the job quite good.
+--------------------------------------------------------------------+
| Asher Frenkel Unix System Administrator |
| Fax : +972-3-6978115 Phone: +972-3-6978263|
| E-Mail:asher@ibm.net.il +972-3-6978687|
+--------------------------------------------------------------------+
IBM Israel
2, Weizmann St.
Tel Aviv 61336 ====== ======= === ===
http://www.ibm.net.il/ ====== ======== ==== ====
Dialup registration: 177-022-3993 == == == ==== ====
Company services: 03-6978663 == ====== == === ==
Internet sales fax: 03-6978115 == == === == = ==
Enquiries: info@ibm.net.il ====== ======== === ===
Technical support: noc@ibm.net.il ====== ======= === ===
----------------------------------------------------------------------