Apache being used to relay mail
Rodent of Unusual Size
Ken.Coar at Golux.Com
Mon Apr 7 11:58:40 EDT 2003
Bruce Dawson wrote:
> For those of us who run web sites and are wondering why your site is
> getting blacklisted for email, I've finally figured this much out:
>
> Spammers are using the Proxy mechanisms of apache to surreptitiously
> send mail. Turning off ProxyRequest and ProxyVia seems to close the
> hole.
>
> They appear to be using HTTP requests like
>
> POST http://rogue.codemeta.com:25 HTTP/1.0
> ...
>
> Just thought some of the sysadmins out there would like to know - it
> took me forever to figure out the "Open Relay" was in Apache and not
> sendmail!
this should fix it (for a 1.3 apache server):
<Directory proxy:*>
RewriteEngine On
RewriteRule "^proxy:[a-z]*://[^/]*:25(/|$)" - [F,L,NC]
</Directory>
--
#ken P-)}
Ken Coar, Sanagendamgagwedweinini http://Golux.Com/coar/
Author, developer, opinionist http://Apache-Server.Com/
"Millennium hand and shrimp!"
More information about the gnhlug-discuss
mailing list