From: Craig Sanders (no email)
Date: Thu Nov 01 2001 - 18:29:14 EST

On Thu, Nov 01, 2001 at 12:16:42AM -0800, Ronald F. Guilmette wrote:
> >postfix's "bad pipelining" check sometimes gets a lot. sometimes not.
> >depends on which spammers are currently operating and what tricks
> >they're trying. it has been unusually popular this week.
>
> That may be directly related to this:
>
> http://www.securityfocus.com/archive/1/221994
>
> In a nutshell, some clever fellow figured out that it is possible to give
> some web servers/proxies a command like:
>
> POST http://some.host:25/ HTTP/1.0

yeah, variants of this have been known for years. there's even a
warning about it in the squid documentation - which is why the default
squid.conf specifically excludes port 25 from the Safe_ports acl.

i ran into this myself a few years ago. i had set up a linux box running
squid and qmail etc for a customer. a year or two later i started
getting complaints about spam being relayed through their box. it turned
out that they had changed the squid configuration and ended up allowing
access to port 25 via squid (for some reason they had even removed the
acl which prevented outsiders from even using their proxy - security is
too "inconvenient" to deal with for some people).

it took me over a day to figure it out because it took ages for it to
even occur to me to look at the squid logs for a mail problem.

so this has been known and actively exploited by spammers for at least a
few years.

> So tell me please, what is this postfix "bad pipelining check" you're
> speaking of? How do I enable it? Do you think that it would thwart
> this type of spamming?

in smtpd_recipient_restrictions:
# reject_unauth_pipelining: reject mail from improperly pipelining spamware

it works for me.

craig

--
craig sanders

Fabricati Diem, PVNC.
 -- motto of the Ankh-Morpork City Watch
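
Added example, not part of the original message and not code from squid or postfix: the relaying described above leaves its traces in squid's access.log rather than in the mail logs, so this Python sketch scans native-format access.log lines for proxied requests aimed at port 25 and counts the ones squid did not deny. The sample log lines, hostnames and addresses are constructed, and squid's default native field order is assumed.

```python
from collections import Counter
from urllib.parse import urlsplit

# Port 25 is the one discussed in the thread; add others to the set if needed.
MAIL_PORTS = {25}

# Constructed sample lines in squid's native access.log layout (assumed):
# time elapsed client code/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1004599701.112    210 192.0.2.10 TCP_MISS/200 5120 GET http://www.example.org/index.html - DIRECT/198.51.100.5 text/html
1004599754.480   1532 203.0.113.7 TCP_MISS/200 412 POST http://mail.example.net:25/ - DIRECT/198.51.100.25 -
1004599760.002    950 203.0.113.7 TCP_MISS/200 188 CONNECT mail.example.net:25 - DIRECT/198.51.100.25 -
1004599761.300     12 203.0.113.9 TCP_DENIED/403 1050 POST http://mail.example.net:25/ - NONE/- text/html
1004599770.555    301 192.0.2.10 TCP_MISS/200 2048 CONNECT shop.example.org:443 - DIRECT/198.51.100.8 -
"""

def target_port(method, url):
    """Return the destination port of a proxied request, or None if unparseable."""
    try:
        if method == "CONNECT":            # CONNECT is logged as "host:port", no scheme
            return urlsplit("//" + url).port
        parts = urlsplit(url)
        return parts.port or {"http": 80, "https": 443, "ftp": 21}.get(parts.scheme)
    except ValueError:                     # non-numeric or out-of-range port
        return None

def find_mail_port_requests(log_text, ports=MAIL_PORTS):
    """Yield (client, status, method, url) for requests aimed at a mail port."""
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue                       # truncated or foreign line
        client, status, method, url = fields[2], fields[3], fields[5], fields[6]
        if target_port(method, url) in ports:
            yield client, status, method, url

def relayed_by_client(log_text):
    """Count mail-port requests per client that squid did NOT deny."""
    hits = find_mail_port_requests(log_text)
    return Counter(c for c, status, _, _ in hits if not status.startswith("TCP_DENIED"))

if __name__ == "__main__":
    for hit in find_mail_port_requests(SAMPLE_LOG):
        print(*hit)
    print(dict(relayed_by_client(SAMPLE_LOG)))
```

Any client with a non-zero count here got through the proxy to an SMTP port, which means the Safe_ports restriction is missing or has been overridden.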