Focus on Linux
Spam sent through server using authid=apache or mysql May 30 2008 04:49PM
Stephen Pusey (scp stjohn gmail com) (2 replies)
Re: Spam sent through server using authid=apache or mysql May 30 2008 06:44PM
John Jasen (jjasen realityfailure org)
Stephen Pusey wrote:
> May 21 08:12:32 thismachine sendmail[16842]: AUTH=server,
> relay=ip68-92-154-163.z154-92-62.customer.algz.net [68.92.154.163],
> authid=apache, mech=LOGIN, bits=0
>
> spammers have also used authid=mysql
>
> Y'awl probably think I am an idiot for not figuring this out - but I
> would really appreciate your help - or direction to the right place.

Is sasl configured to use sasldb or another authentication source?

My immediate guess is that apache and mysql have easily guessed
passwords either in sasldb or elsewhere.

--
-- John E. Jasen (jjasen (at) realityfailure (dot) org [email concealed])
-- No one will sorrow for me when I die, because those who would
-- are dead already. -- Lan Mandragoran, The Wheel of Time, New Spring

[ reply ]
Re: Spam sent through server using authid=apache or mysql May 30 2008 05:45PM
Mark Frey (markfrey extendcomm com)


 

Privacy Statement
Copyright 2010, SecurityFocus