On Sat, Sep 27, 2003, [EMAIL PROTECTED] wrote about "Re: mail origin verification": > 2. Last week I was blamed by my ISP that I'm trying to send > spam because apparently my Debian had a world-accessible > Apache mod_proxy (he wasn't aware of that, I found the evidance > in my apache logs), which was used by spammers to "bounce" > SMTP over HTTP proxy (anyone know the exact HTTP stream they > might have used for that?), if this succeeds then it looks like the > spam was originated from the proxy machine.
It doesn't just "look" like spam originated on your machine - it really did. Spammers really love to find machine like yours and have fun abusing them... Sometimes your supposedly HTTP proxy is open also for proxying port 25, which is the worst. But if your proxy is only open for port 80 proxying, they can still abuse it for sending out webmail (via hotmail, and so on), and things like that. The sad thing is that having open HTTP proxies all around the world is a very useful thing for network research, and I used to have such a list with hundreds of proxies. The spammers are now forcing all of them to shut down :( > Conclusion (also mentioned in the mod_proxy docs): DONT ALLOW > WORLD ACCESS TO YOUR PROXY SERVER. Right. -- Nadav Har'El | Saturday, Sep 27 2003, 1 Tishri 5764 [EMAIL PROTECTED] |----------------------------------------- Phone: +972-53-790466, ICQ 13349191 |A fine is a tax for doing wrong. A tax is http://nadav.harel.org.il |a fine for doing well. ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
