On Tuesday 25 October 2005 23:00, Covington, Chris wrote:
> I believe this sort of spamming uses the CONNECT method.

That's what I thought at first, too. Unfortunately it even works without
tunneling (CONNECT). The SMTP commands are sent like an HTTP request header.
Most of the commands (like GET...) are ignored by the mail server. But the
"MAIL FROM" and "RCPT TO" are evaluated. Pretty nifty. However a mailserver
which checks for proper pipelining (whether the SMTP client sends the
commands one by one) will quickly kick the proxy out.

So he will also have to check whether HTTP requests to port 25 would be
allowed. But it appears like the OP is busier hunting a single attacker
than fixing the hole. :(

 Christoph
-- 
~
~
".signature" [Modified] 1 line --100%--                1,48         All
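The check suggested in the message above (whether the proxy lets requests through to port 25, with or without CONNECT) can be run against the proxy's access log. The following is an added example, not part of the original message; the four-field log format (client, method, target, status), the function names and the sample entries are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

SMTP_PORTS = {25}  # the message discusses port 25; extend for your site if needed
DEFAULT_PORTS = {"http": 80, "https": 443, "ftp": 21}

def dest_port(method, target):
    """Return the TCP port a proxy request is aimed at, or None if unparseable."""
    try:
        if method.upper() == "CONNECT":      # authority form: host:port
            return urlsplit("//" + target).port
        parts = urlsplit(target)             # absolute form: scheme://host[:port]/path
        return parts.port or DEFAULT_PORTS.get(parts.scheme.lower())
    except ValueError:                       # non-numeric or out-of-range port
        return None

def flag_smtp_requests(log_lines, ports=SMTP_PORTS):
    """Return (client, method, target, status) for requests aimed at a mail port."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) != 4:                 # skip lines not in the assumed format
            continue
        client, method, target, status = fields
        if dest_port(method, target) in ports:
            hits.append((client, method, target, status))
    return hits

# Constructed sample log (assumed format: client method target status).
SAMPLE_LOG = [
    "192.0.2.10 GET http://www.example.org/index.html 200",
    "192.0.2.77 POST http://mail.example.net:25/ 200",
    "192.0.2.77 CONNECT mail.example.net:25 200",
    "192.0.2.10 CONNECT www.example.org:443 200",
    "192.0.2.77 GET http://[2001:db8::25]:25/ 403",
    "192.0.2.10 GET http://www.example.org:notaport/ 400",
]

if __name__ == "__main__":
    for hit in flag_smtp_requests(SAMPLE_LOG):
        print(*hit)
```

Any flagged entry with a success status means the proxy forwarded a request to a mail port; a CONNECT-only restriction would have missed the POST and GET entries.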