Re: {Spam?} Re: Outgoing mail scanning

[Justin Mason <jm...@jmason.org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Yep, NMS is what I'd recommend.  btw I co-wrote the advisory
on these issues ;) --

http://cert.uni-stuttgart.de/archive/bugtraq/2002/01/msg00311.html

- --j.

up@3.am writes:
> This is old news...I got nailed with the Matt's FormMail.pl hack a couple
> of years ago...the solution is to use the NMS ("Not Matt's Scripts")
> drop-in replacement:
> 
> http://nms-cgi.sourceforge.net/
> 
> AFAIK, the NMS version is imune to these hacks, if implemented properly.
> 
> On Mon, 7 Feb 2005, Rakesh wrote:
> 
> > Hi all,
> >
> > Since this specific post involves the FormMail.pl, I thought you guys
> > might be interested in this article and its suggestions
> >
> > http://www.linuxexposed.com/Articles/Hacking/The-FormMail-Hack-Explained.html
> >
> > regards
> > Rakesh
> >
> > EB wrote:
> >
> > >Hi Kenneth:
> > >
> > >But did you change the /etc/rc.d/init.d/sendmail file to point
> > >elsewhere?  Because it's pointing to the /usr/sbin/sendmail now and
> > >it's expecting it as a daemon.
> > >
> > >Karen
> > >
> > >
> > >On Fri, 04 Feb 2005 15:18:10 -0600, Kenneth Andresen <ke...@cancun.net> wrote:
> > >
> > >
> > >>Hello Filip,
> > >>
> > >>Thank you for your script! I have been looking up several alternative
> > >>paths now, and yours seem to be the better way to go.
> > >>
> > >>I had not noticed before that /usr/sbin/sendmail in fact only was a
> > >>symlink. I have been testing your script, and it is necessary for me to
> > >>modify it.
> > >>
> > >>This is what I did:
> > >>I stored your script on my own local machine, added execute permissions,
> > >>and made the symlink /usr/sbin/sendmail point to that file.
> > >>
> > >>I edited the script with the sendmail variable to point to
> > >>/etc/alternatives/mta (which points to the true sendmail executable on
> > >>all my redhat based systems)
> > >>
> > >>Then I tried to execute the following from command line:
> > >>
> > >>echo -e "test\ntest" | mail -s "test" "my@email"
> > >>
> > >>that gave the result "2.6/5.0"...
> > >>
> > >>The mail was sent, without any modification, but that's likely because I
> > >>did it on the command line.
> > >>
> > >>Anyway, the script has been of great help, and I will likely have a
> > >>filter in place some time next week.
> > >>
> > >>Best regards,
> > >>Kenneth
> > >>
> > >>
> > >>On Mon, 2005-01-31 at 17:43, Andrzej Adam Filip wrote:
> > >>
> > >>
> > >>>Kenneth Andresen wrote:
> > >>>
> > >>>
> > >>>>How is it possible to make such a sendmail wrapper script? Any links to
> > >>>>examples?
> > >>>>
> > >>>>
> > >>>No but you can modify the script below to fit your needs:
> > >>>
> > >>>#!/bin/sh
> > >>># temporary directory
> > >>>TMPDIR=/tmp
> > >>># temporary working file name - unix time and process ID
> > >>>TMPFILE=`/bin/date +%s`.$$
> > >>># temporary working file full path
> > >>>TMPPATH="$TMPDIR/$TMPFILE"
> > >>># "true" sendmail path
> > >>>SENDMAIL=/usr/sbin/sendmail
> > >>># directory to keep "classified as spam" messages
> > >>>QUARANTINEDIR=/var/spool/quarantine
> > >>>
> > >>># remove temporary file in case of problems
> > >>>trap "rm -f $TMPPATH" 0 1 2 3 15
> > >>>
> > >>># copy input to temporary file
> > >>>cat - > $TMPPATH
> > >>># use spamc to check if it is a spam
> > >>>spamc -c < $TMPPATH
> > >>>
> > >>>if [ "$?" = "0" ] ; then
> > >>>   # No spam or spamc error
> > >>>   $SENDMAIL "$@" < $TMPPATH
> > >>>   EXITCODE=$?
> > >>>   rm $TMPPATH
> > >>>   exit $EXITCODE
> > >>>else
> > >>>   # classified as spam
> > >>>   mv $TMPPATH $QUARANTINEDIR/$TMPFILE
> > >>>   echo "$@" > $QUARANTINEDIR/$TMPFILE.options
> > >>>fi
> > >>>
> > >>>
> > >>>
> > >>
> > >>
> >
> >
> > --
> >
> > regards,
> > Rakesh B. Pal,
> > Project Leader,
> > Emergic CleanMail Team.
> > Netcore Solutions Pvt. Ltd.
> >
> > =================================================> I came, I saw, I conquered
> > =================================================>
> >
> 
> James Smallacombe		      PlantageNet, Inc. CEO and Janitor
> up@3.am							    http://3.am
> ========================================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Exmh CVS

iD8DBQFCBsxGMJF5cimLx9ARAs3vAJ9sNRiqypSzA3S3M4B8FhEIjq5wzACeJZzM
03N9ViNUNdr9KE/6vBBUcrg=
=LlYJ
-----END PGP SIGNATURE-----