On 10 April 2009 c. 05:42:21 Uwe Dippel wrote:
> I'm running postfix as MTA on a machine with several CMS, on a
> chrooted Apache. Recently, there is a huge number of spam being sent
> from there, alas. When I scan the postfix-logs, all those come from
> 'root', meaning they don't come through port 25. I run OpenBSD with
> mini-sendmail, and now I wonder how I could find out from which CMS
> they are sent. Is there any chance to find out from which CMS they are
> sent?

Do your clients have the ability to connect to external hosts? If yes, then you should not even bother logging PHP mail() calls or such.

If outgoing connections are closed, then you should have different system users (i.e., different UIDs) for each client; otherwise it'll be easily possible for a hacker to spoof the sender: nothing stops him from modifying another client's scripts or just implementing an SMTP server entirely in PHP.

And only if both requirements are met can you improve your antispam security, either by 1) modifying mini_sendmail, or 2) writing a simple Perl wrapper that parses input data (bundled and/or in-ports Perl modules should make it very easy) and then passes data to the real mini_sendmail.

IMHO, it's much easier to make mini_sendmail log mail, or add a specific header to each letter that may help you in debugging. In the latter case you may even put some limits on mail based on your header knowledge in your "real" MTA, which mini_sendmail will forward letters to. You do not need big programming skills to do that, just some basic C knowledge. If you do not know C at all, ask a friend of yours to do this work for beer (or mineral water, if he doesn't like alcohol ;) ).

-- 
Best wishes,
Vadim Zhukov

A: Because it messes up the way people read text.
Q: Why is a top-posting such a bad thing?
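
The wrapper idea from the reply above, sketched in C as an added example (not part of the original message and not mini_sendmail code): it logs the caller's UID and working directory, prepends them as a trace header, and hands the message to the real binary. The header name X-Local-Submit, the syslog tag and the REAL_MTA path are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>
#include <syslog.h>
#include <sys/wait.h>
#include <unistd.h>

/* Assumed location of the real mini_sendmail after renaming it in the chroot. */
#define REAL_MTA "/bin/mini_sendmail.real"

/* Build "X-Local-Submit: uid=N; cwd=DIR\n" (hypothetical header name). Control
 * characters in cwd become '?' so a hostile directory name cannot inject header
 * lines; cwd is cut at 255 bytes. Returns the length, or -1 if out is too small. */
int make_trace_header(char *out, size_t outsz, unsigned uid, const char *cwd)
{
    char clean[256];
    size_t i;
    for (i = 0; cwd[i] != '\0' && i + 1 < sizeof clean; i++)
        clean[i] = ((unsigned char)cwd[i] < 0x20 || cwd[i] == 0x7f) ? '?' : cwd[i];
    clean[i] = '\0';
    int n = snprintf(out, outsz, "X-Local-Submit: uid=%u; cwd=%s\n", uid, clean);
    return (n < 0 || (size_t)n >= outsz) ? -1 : n;
}

int main(int argc, char **argv)
{
    char cwd[1024], hdr[512], buf[4096];
    int fds[2], status = 1, len;
    ssize_t n;
    if (getcwd(cwd, sizeof cwd) == NULL) snprintf(cwd, sizeof cwd, "unknown");
    len = make_trace_header(hdr, sizeof hdr, (unsigned)getuid(), cwd);
    if (len < 0 || pipe(fds) != 0)
        return 1;
    openlog("sendmail-wrap", LOG_PID, LOG_MAIL);
    syslog(LOG_INFO, "%.*s", len - 1, hdr);    /* same sanitized text, no newline */
    pid_t pid = fork();
    if (pid < 0) return 1;
    if (pid == 0) {                            /* child: real MTA reads the pipe */
        close(fds[1]);
        dup2(fds[0], STDIN_FILENO);
        execv(REAL_MTA, argv);                 /* caller's arguments, unchanged */
        _exit(127);
    }
    close(fds[0]);
    if (write(fds[1], hdr, (size_t)len) == len)     /* trace header goes first */
        while ((n = read(STDIN_FILENO, buf, sizeof buf)) > 0)
            if (write(fds[1], buf, (size_t)n) != n) break;
    close(fds[1]);
    waitpid(pid, &status, 0);
    return WIFEXITED(status) ? WEXITSTATUS(status) : 1;
}
```

The UID only tells clients apart when each one runs under its own UID, as the reply requires; whether the working directory points at a particular CMS depends on how PHP is run on the host.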