[lug] Re: Email spam

Justin glow at jackmoves.com
Thu Apr 25 11:14:37 MDT 2002 

Hmm, yes I've been thinking about switching my webmail software for 
quite a while since he stopped working on it. Just need to find 
something that seem transparent to all the users when it's upgraded 
(ie: all their mail will be where is should be :) ). 

I found a couple more interesting parts of my maillog concerning the 
www account just a little while ago. Seems like my server is being used 
to spam other email too?

Apr 25 10:20:30 oldschool postfix/pickup[16980]: AEA593D47: uid=80 
from=<www>
Apr 25 10:20:30 oldschool postfix/cleanup[17497]: AEA593D47: message-
id=<200204251
62030.AEA593D47 at oldschool.jackmoves.com>
Apr 25 10:20:30 oldschool postfix/qmgr[23379]: AEA593D47: 
from=<www at jackmoves.com>
, size=512, nrcpt=1 (queue active)
Apr 25 10:20:32 oldschool postfix/smtp[17503]: AEA593D47: 
to=<daddyjb at zone-killer.
com>, relay=mail.streetwarz.com[140.99.13.42], delay=2, status=sent 
(250 ok 101975
1721 qp 40795)

Apr 25 10:22:00 oldschool postfix/pickup[16980]: 4AA4F3D47: uid=80 
from=<www>
Apr 25 10:22:00 oldschool postfix/cleanup[17497]: 4AA4F3D47: message-
id=<200204251
62200.4AA4F3D47 at oldschool.jackmoves.com>
Apr 25 10:22:00 oldschool postfix/qmgr[23379]: 4AA4F3D47: 
from=<www at jackmoves.com>
, size=512, nrcpt=1 (queue active)
Apr 25 10:22:01 oldschool postfix/smtp[17503]: 4AA4F3D47: 
to=<njdevls at optonline.ne
t>, relay=mx2.optonline.net[167.206.5.3], delay=1, status=sent (250 
2.5.0 Ok.)

*sigh*

Justin

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On Thursday 25 April 2002 09:34 am, Justin wrote:
> > The userid 80 is for my webserver, apache. I don't have any cgi that
> > sends mail, the only cgi scripts I have are Neomail for my webmail.
> 
> I think that CGI based webmail would count as a CGI that sends 
mail . . .
> 
> I think that either someone with a Jackmoves Neomail account is 
sending the 
> SPAM, or someone has figured out how to get the neomail.pl CGI to 
send 
> messages without having to log in.  (This wouldn't be surprising.)
> 
> BTW, I would seriously consider switching to a webmail that isn't 
abandoned.  
> Who is keeping up with security issues for Neomail?
> 
> - -Peter
> 
> - -- 
> /"\ ASCII Ribbon campaign against HTML e-mail
> \ /
>  X   Get my PGP key at http://hutnick.com/pgp
> / \  6128 5651 6F23 EC17 6EBD  737D 960A 20E6 76CA 8A59
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (GNU/Linux)
> Comment: For info see http://www.gnupg.org
> 
> iD8DBQE8yYnNlgog5nbKilkRAiiqAJsFtdOGARI7+gFOJydTRnSTApMicACfZkBd
> R4DQvddS7hu9BFIgfnHRLws=
> =jtAc
> -----END PGP SIGNATURE-----
> 
> 

-----
glow at jackmoves.com
www.jackmoves.com

More information about the LUG mailing list