On Thu, 2010-12-09 at 23:02 +0100, Matus UHLAR - fantomas wrote:
> > Ah, so they are operational, just poorly configured. That's what you
> > just said in other words, right? :)
> >
> > Anyway, why are *web* servers sending out mail at all? Other than maybe
> > cron junk and friends, which would warrant bypassing SA or extending
> > your internal network. If they are indeed intended to send out mail to
> > third-parties, they better be configured properly first.
>
> web servers are often sending mail from web forms. If client can't choose the
> recipient address, it's safe.
*nod* The "and friends" part I was referring to, worth extending your
internal network for. Those web-forms only send mail to the service's
owner, I hope.
> If the client can't choose the message text it's at least a bit safe.
That would be to third-parties. Regardless how hard abuse of that
service would be, proper mail environment is crucial. Which includes the
hostname.
--
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
