[CentOS] preventing apache from being a mail relay

Sun Mar 3 21:58:15 UTC 2013
zGreenfelder <zgreenfelder at gmail.com>

On Sun, Mar 3, 2013 at 4:37 PM, John R Pierce <pierce at hogranch.com> wrote:
> On 3/3/2013 1:30 PM, Robert Moskowitz wrote:
>> Seems I recall that last when I set up my apache server, the spammers
>> were posting to it so it would send out the spam on port 25.  There was
>> some conf that I did to block this, but I did not document it, and I
>> can't find any reference to this.
>
>
> a webserver can't send email unless you've got email cgi or forms on/in
> your webpages
>
>

I have vague (and very distant ~98ish?) memories of apache deployments
coming with a mail.cgi that was poorly secured and often exploited to
send out emails, but I think that's long since gone the way of the
dodo birds.   you have to go to some lengths to make webservers
interact with email servers.  if you're really worried about it, you
should also look into removing/blocking proxy connections:

http://ihazem.wordpress.com/2010/12/08/apache-forward-proxy-relay-security-problem/

-- 
Even the Magic 8 ball has an opinion on email clients: Outlook not so good.