Re: preventing apache from being a mail relay

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 03/03/2013 05:46 PM, Joseph Spenner wrote:
> On 03/03/2013 05:06 PM, Alexander Dalloz wrote:
>
>> Am 03.03.2013 22:49, schrieb Robert Moskowitz:
>>
>>> There was an attack, and if you search you will find references to it,
>>> where the spammers post to your web server in such a way that they relay
>>> out port 25.  They send to your port 80, but you send out port 25.  For
>>> example:
>>>
>>> http://forums.fedoraforum.org/archive/index.php/t-173601.html
>>>
>>> My old server has been running smoothly for over two years, but it is
>>> time to bring the software current.  I did all the work on this back
>>> then, or maybe before and copied from my earlier server.  This time I am
>>> trying to build everything clean and document every change I make.
>> Such a misbehaviour would be caused by a misconfigured apache proxy setup.
>> It is coming back now through a pair of dark glasses. Just haven't built
>> a public web server is so long, as the old one just ran for as little as
>> I needed it, that I lost the notes on the problem. Looks like current
>> defaults do not allow this.
> Wouldn't this attack be similar to using someone's web server as a proxy to get to other sites?  By default, apache doesn't permit itself to "proxy" this way.

Not anymore.  Once upon a time, the internet was a nice place and so 
what if you proxied?  But the dragons were always lurking there, ready 
to feed...


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos


[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux