Re: Server accepting mails that are normally refused - hack?

From: Eddy Ilg (eddyfericom.net)
Date: Mon Oct 01 2007 - 17:03:57 CDT


Hi Victor,

> The vast majority of similar cases are HTTP feedback forms, or other
> insecure CGI scripts. Logs reveal how the email enters your system.
Thanks for the hint.

>> Received: by mail.dextermedia.net (Postfix, from userid 1001)
>> id 082E98062CC; Sat, 29 Sep 2007 14:37:42 +0200 (CEST)
>
> This message arrived via a local submission from user "1001", not
> via SMTP. Likely this is a web-server application account.
This is a custom spam filter script. Before the mail is re-submitted by
this user it is first accepted by postfix.

And still the question arises why postfix accepts the mail initially:

Received: from EXCHANGE (brmn-4db7427e.pool.einsundeins.de [77.183.66.126])
         by mail.dextermedia.net (Postfix) with ESMTP id 8A8D38062DD
         for <jensenchms34.hinet.net>; Sat, 29 Sep 2007 14:37:37 +0200 (CEST)

This should not be. If I try to submit a mail for
jensenchms34.hinet.net via telnet it is rejected, so I can't figure
out where the difference is.

Best regards

Eddy
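
The two Received headers discussed in this message can be told apart mechanically. The following is an added example, not part of the original post: it classifies each header as a local submission or an SMTP hop and extracts the queue ID to search for in the mail log. The function names are hypothetical, and the patterns assume only the Postfix header layout quoted in this thread.

```python
import re

# Sample input: the two Received header values quoted in this thread,
# kept folded across lines as they appear in a raw message (newest first).
HEADERS = [
    "by mail.dextermedia.net (Postfix, from userid 1001)\n"
    "\tid 082E98062CC; Sat, 29 Sep 2007 14:37:42 +0200 (CEST)",
    "from EXCHANGE (brmn-4db7427e.pool.einsundeins.de [77.183.66.126])\n"
    "\tby mail.dextermedia.net (Postfix) with ESMTP id 8A8D38062DD\n"
    "\tfor <jensenchms34.hinet.net>; Sat, 29 Sep 2007 14:37:37 +0200 (CEST)",
]

# Local pickup (sendmail command / script re-injection): no "from" clause.
LOCAL = re.compile(
    r"^by (?P<mta>\S+) \(Postfix, from userid (?P<uid>\d+)\) id (?P<qid>[0-9A-F]+)"
)
# Network hop: HELO name, reverse DNS name and client IP, then protocol.
SMTP = re.compile(
    r"^from (?P<helo>\S+) \((?P<rdns>\S+) \[(?P<ip>[^\]]+)\]\) "
    r"by (?P<mta>\S+) \(Postfix\) with (?P<proto>E?SMTP\w*) id (?P<qid>[0-9A-F]+)"
    r"(?: for <(?P<rcpt>[^>]+)>)?"
)

def unfold(value):
    """Collapse header folding (CRLF plus whitespace) into single spaces."""
    return re.sub(r"\s+", " ", value).strip()

def classify(value):
    """Return the entry path of one Received header plus its parsed fields."""
    text = unfold(value)
    for path, pattern in (("local", LOCAL), ("smtp", SMTP)):
        match = pattern.match(text)
        if match:
            return {"path": path, **match.groupdict()}
    return {"path": "unknown"}

def trace(headers):
    """Received headers are prepended, so reverse them into arrival order."""
    return [classify(h) for h in reversed(headers)]

def smtp_entry(headers):
    """First hop where the message came in over the network, or None."""
    return next((hop for hop in trace(headers) if hop["path"] == "smtp"), None)

if __name__ == "__main__":
    for hop in trace(HEADERS):
        print(hop)
```

The queue ID returned by `smtp_entry` is the one to look up in the Postfix log to see which client and recipient the SMTP session actually presented.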