Re: Server accepting mails that are normally refused - hack?

• Previous message: Eddy Ilg: "Re: Server accepting mails that are normally refused - hack?"
• Maybe in reply to: Eddy Ilg: "Server accepting mails that are normally refused - hack?"
• Next in thread: Victor Duchovni: "Re: Server accepting mails that are normally refused - hack?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Victor,

> The vast majority of similar cases are HTTP feedback forms, or other
> insecure CGI scripts. Logs reveal how the email enters your system.
Thanks for the hint.

>> Received: by mail.dextermedia.net (Postfix, from userid 1001)
>> id 082E98062CC; Sat, 29 Sep 2007 14:37:42 +0200 (CEST)
>
> This message arrived via a local submission from user "1001", not
> via SMTP. Likely this is a web-server application account.
This is a custom spam filter script. Before the mail is re-submitted by
this user it is first accepted by postfix.

And still the question arises why postfix accepts the mail initially:

Received: from EXCHANGE (brmn-4db7427e.pool.einsundeins.de [77.183.66.126])
         by mail.dextermedia.net (Postfix) with ESMTP id 8A8D38062DD
         for <>; Sat, 29 Sep 2007 14:37:37 +0200
(CEST)

This should not be. If I try to submit a mail for
 via telnet it is rejected, so I can't figure
where the difference is.

Best regards

Eddy

• Previous message: Eddy Ilg: "Re: Server accepting mails that are normally refused - hack?"
• Maybe in reply to: Eddy Ilg: "Server accepting mails that are normally refused - hack?"
• Next in thread: Victor Duchovni: "Re: Server accepting mails that are normally refused - hack?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]