On 03/03/2013 04:58 PM, zGreenfelder wrote:
On Sun, Mar 3, 2013 at 4:37 PM, John R Pierce pierce@hogranch.com wrote:
On 3/3/2013 1:30 PM, Robert Moskowitz wrote:
Seems I recall that last when I set up my apache server, the spammers were posting to it so it would send out the spam on port 25. There was some conf that I did to block this, but I did not document it, and I can't find any reference to this.
a webserver can't send email unless you've got email cgi or forms on/in your webpages
I have vague (and very distant ~98ish?) memories of apache deployments coming with a mail.cgi that was poorly secured and often exploited to send out emails, but I think that's long since gone the way of the dodo birds. you have to go to some lengths to make webservers interact with email servers. if you're really worried about it, you should also look into removing/blocking proxy connections:
http://ihazem.wordpress.com/2010/12/08/apache-forward-proxy-relay-security-p...
That may have been the attack vector way back when. Now the proxy directives come commented out, so supposedly you are suppose to know the risks of running a proxy.