On Sun, Mar 3, 2013 at 4:37 PM, John R Pierce <pierce at hogranch.com> wrote: > On 3/3/2013 1:30 PM, Robert Moskowitz wrote: >> Seems I recall that last when I set up my apache server, the spammers >> were posting to it so it would send out the spam on port 25. There was >> some conf that I did to block this, but I did not document it, and I >> can't find any reference to this. > > > a webserver can't send email unless you've got email cgi or forms on/in > your webpages > > I have vague (and very distant ~98ish?) memories of apache deployments coming with a mail.cgi that was poorly secured and often exploited to send out emails, but I think that's long since gone the way of the dodo birds. you have to go to some lengths to make webservers interact with email servers. if you're really worried about it, you should also look into removing/blocking proxy connections: http://ihazem.wordpress.com/2010/12/08/apache-forward-proxy-relay-security-problem/ -- Even the Magic 8 ball has an opinion on email clients: Outlook not so good.