I took this message to mean that the script was a hacker located just "on
the web" trying to relay with a spoffed IP address, not a user on his own
box. If it were the latter I'd certainly start by giving the user the
boot... which is it, though? I'm just curious...
-----Original Message-----
From: Greg White [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 01, 2001 12:24 PM
To: [EMAIL PROTECTED]
Subject: Re: SMTP Question
On Thu, Feb 01, 2001 at 02:46:22PM -0500, Chris McCoy wrote:
> I provide free hosting and have a large amount of users everyday. I only
> have relaying from 127.0.0.1 because of I send an email out for
> verification from my php signup script. I have this one issue. Someone was
> trying to send 1000's of emails from a script on the web making the
> machine thinking its 127.0.0.1 localhost. the only reason i have the
> 127.0.0.1 for relay is because of sending out that email for
> verification. other than that i dont need relay. how can i fix this
> problem so people cant send mail from our server on our web page? any help
> is greatful. (this is a freebsd machine) thanks.
>
> --
> Chris McCoy
> [EMAIL PROTECTED]
>
So, if I understand this right, the mail is actually coming from
localhost, because the spam is being generated by a script
hosted on the mail machine, right? Ouch. My first inclincation would be
to kick that user off my machine, immediately and without notice, and
bar him from my network. Dirty spammer. Your AUP does not allow spam,
right? Given that this may be difficult or impossible, I think that
Mark Delany had the right idea -- use qmail-inject directly, and deny
relay for localhost....
--
Greg White
Those who make peaceful revolution impossible will make violent
revolution inevitable.
-- John F. Kennedy
