This is a resend. It appears that the mailing list software on
sourceforge filters out mail that contains the formmail.cgi signature
and it dropped my message which contained a quote of some formmail.cgi
output :-)

On Fri, 2002-03-29 at 11:05, dman wrote:
> If the spammer can send me the spam, why can't I send
> the listme request?

Actually, now that I have taken another look at
 http://dsbl.org/faq-help.html
I see that you can. I thought the "specially formatted" message had
something in the headers. All it really needs is the right thing in
the message within the first 6 lines. The above link mentions formmail
specifically, and as you see in the sample output below the message
portion begins in line 5 with the prefix "message:", with the first line
that you would have complete control over being line 6.

So all you have to do is follow the example and figure out how to
encode newlines in the message in the URL to send a message that looks
like the LISTME example at the above link.

Notice, though, that the example includes space for a cookie. So far I
see no mention about how to become a "trusted" submitter and get your
cookie. I also see no specific example of the format an "untrusted"
submitter would use to submit a LISTME without a cookie.

 -- sidney

The rest of this, beginning with the next non-blank line, is what I got
back from using the example in the BugTraq security alert, on this
resend edited to not really look like it does so this message doesn't
get blocked :-)


Bxlxw ix txe rexuxt of yoxr feexbaxk foxm.  It was subxitxed bx
 () on Friday, March 29, 2002 at 05:47:14
x-x-----x----x---x---x--x---x----x---x---x---x---------------------------x

message: Proof that FormMail.pl can be used to send anonymous spam.

x------x-----------------x---------------x-------------x-----------x------x




_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
