Author Topic: Qmail problem  (Read 3919 times)

dunamis

Qmail problem
« on: Feb 12, 2006, 16:43 »
Hello,
I have a Qmail server that is causing the following problem. A message arrives (I will post its contents at the end), and after the mail server receives it, the message gets sent on by itself to the BCC addresses. Is it possible for this to happen the way I describe it, and what can be done to stop something like this?
The system is RH9 and Qmail was installed following the instructions from http://www.qmailrocks.org/

Sample code

Return-Path: <root@my-mx.com>
Delivered-To: ss@mydomain.com
Received: (qmail 14836 invoked by uid 634); 11 Feb 2006 04:03:53 -0800
Delivered-To: support@mydomain.com
Received: (qmail 14716 invoked by uid 48); 11 Feb 2006 04:03:46 -0800
Date: 11 Feb 2006 04:03:46 -0800
Message-ID: <20060211120346.14715.qmail@my-mx.com>
To: support@mydomain.com
Subject: InvestorAlerts@mydomain.com
MIME-Version: 1.0
Content-type: text/plain; charset=iso-8859-1
From: "InvestorAlerts@mydomain.com" <InvestorAlerts@my-mx.com
Content-Type: multipart/mixed; boundary=e2bf01dc2f022f8d623db27cb55511d5
MIME-Version: 1.0
From: InvestorAlerts@mydomain.com
Subject: You are merely one of the tens of millions of investors receiving
    this Alert, think about it!

This is a multi-part message in MIME format.

--e2bf01dc2f022f8d623db27cb55511d5
Content-Type: text/text; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

SUPERSTOCK EXPLOSIVE PICK FOR OUR MEMBERS



MHPT Forecast
Trading on the OTC Pink Sheets (MHPT:PK), the company has rocketed up 78% since its trading debut January 9th of this year. With privacy concerns and Healthcare costs at the forefront of todays headlines, MHPT tests positive for continued price appreciation. This stock could easily double or triple from its current levels, especially if its home HIV test is approved by the FDA this year.



Ticker Symbol:  MHPT.PK      Buy  Aggressively
Target:         0.75
Last Trade: 0.17
Change:  +0.070  70%
Opened At:  0.10
Day Range:  0.09 - 0.19
Volume:       815,363




MHPT Tests Positive for Helping Americans Keep their Personal Information Private !

 Medical records are among the most personal information about an individual. Yet, Americans have greater privacy protections over the records of video rentals than over their medical records.

 If you have visited a doctor's office, hospital or pharmacy over the past few months, you may have received a notice telling you that your medical records may be turned over to the government for law enforcement or intelligence purposes. More often than not, these notices contain ominous language like:
"National Security and Intelligence Activities Or Protective Services. We may disclose your health information to authorized federal officials who are conducting national security and intelligence activities or providing protective services to the President or other important officials."

 These notices have heightened the growing public concern over the privacy of medical records and made it plain that the recent "Medical Privacy" rules - enacted under the Health Insurance Portability and Accounting Act of 1996 (HIPAA) - offer patients far less protection than the Federal Government promises. In fact, The HIPAA rules provide a wide variety of circumstances under which medical information can be disclosed without explicitly requiring a court order or warrant!

FDA mulls over OTC HIV tests
One way people are taking back their privacy is by utilizing medical home test kits, diagnostic devices and other medical items over the Internet. These products are used in the convenience and privacy of the home or business to detect drug and alcohol abuse, to measure glucose and cholesterol levels, to detect selected diseases and to measure hormone and mineral levels; also DNA home test kits are available for testing paternity.

 While some companies only specialize in home pregnancy or diabetes, one company virtual does it all, Medical Home Products, (MHPT.PK) The company, an International resale provider of over 200 self-test medical kits sold through its e-commerce sites and direct sales affiliates. Medical Home Products differentiates itself in the 2.82 Billion Dollar U.S. self-test kit market by selling a comprehensive line of cross selection medical products for diabetes, cholesterol, DNA, fertility, HIV, mineral levels, pregnancy, prostate, thyroid, drug and alcohol testing. Medical Home Products operates a direct sales and virtual network to the worldwide home medical market, organized clinics and drug rehab facilities. The public has embraced this industry for allowing them to test for private and sometimes embarrassing health issues that are better left between doctor and patient.









Statements that are contained in this press reIease that are not necessariIy based upon any specific current or historical fact and are forward-Iooking in nature. Such forward-Iooking statements reflect the current views of management with respect to future events and are subject to certain risks, uncertainties, and assumptions. Should one or more of these risks or uncertainties materiaIize or should underIying assumptions prove incorrect, actual results may vary materially from those described herein as anticipated, believed, expected, or described pursuant to similar expressions.
--e2bf01dc2f022f8d623db27cb55511d5--

.
>
Reply-To: "InvestorAlerts@mydomain.com" <InvestorAlerts
Content-Type: multipart/mixed; boundary=e2bf01dc2f022f8d623db27cb55511d5
MIME-Version: 1.0
From: InvestorAlerts@mydomain.com
Subject: You are merely one of the tens of millions of investors receiving
    this Alert, think about it!
bcc: [long list of @aol.com addresses removed]

This is a multi-part message in MIME format.

--e2bf01dc2f022f8d623db27cb55511d5
Content-Type: text/text; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

SUPERSTOCK EXPLOSIVE PICK FOR OUR MEMBERS



MHPT Forecast
Trading on the OTC Pink Sheets (MHPT:PK), the company has rocketed up 78% since its trading debut January 9th of this year. With privacy concerns and Healthcare costs at the forefront of todays headlines, MHPT tests positive for continued price appreciation. This stock could easily double or triple from its current levels, especially if its home HIV test is approved by the FDA this year.



Ticker Symbol:  MHPT.PK      Buy  Aggressively
Target:         0.75
Last Trade: 0.17
Change:  +0.070  70%
Opened At:  0.10
Day Range:  0.09 - 0.19
Volume:       815,363




MHPT Tests Positive for Helping Americans Keep their Personal Information Private !

 Medical records are among the most personal information about an individual. Yet, Americans have greater privacy protections over the records of video rentals than over their medical records.

 If you have visited a doctor's office, hospital or pharmacy over the past few months, you may have received a notice telling you that your medical records may be turned over to the government for law enforcement or intelligence purposes. More often than not, these notices contain ominous language like:
"National Security and Intelligence Activities Or Protective Services. We may disclose your health information to authorized federal officials who are conducting national security and intelligence activities or providing protective services to the President or other important officials."

 These notices have heightened the growing public concern over the privacy of medical records and made it plain that the recent "Medical Privacy" rules - enacted under the Health Insurance Portability and Accounting Act of 1996 (HIPAA) - offer patients far less protection than the Federal Government promises. In fact, The HIPAA rules provide a wide variety of circumstances under which medical information can be disclosed without explicitly requiring a court order or warrant!

FDA mulls over OTC HIV tests
One way people are taking back their privacy is by utilizing medical home test kits, diagnostic devices and other medical items over the Internet. These products are used in the convenience and privacy of the home or business to detect drug and alcohol abuse, to measure glucose and cholesterol levels, to detect selected diseases and to measure hormone and mineral levels; also DNA home test kits are available for testing paternity.

 While some companies only specialize in home pregnancy or diabetes, one company virtual does it all, Medical Home Products, (MHPT.PK) The company, an International resale provider of over 200 self-test medical kits sold through its e-commerce sites and direct sales affiliates. Medical Home Products differentiates itself in the 2.82 Billion Dollar U.S. self-test kit market by selling a comprehensive line of cross selection medical products for diabetes, cholesterol, DNA, fertility, HIV, mineral levels, pregnancy, prostate, thyroid, drug and alcohol testing. Medical Home Products operates a direct sales and virtual network to the worldwide home medical market, organized clinics and drug rehab facilities. The public has embraced this industry for allowing them to test for private and sometimes embarrassing health issues that are better left between doctor and patient.









Statements that are contained in this press reIease that are not necessariIy based upon any specific current or historical fact and are forward-Iooking in nature. Such forward-Iooking statements reflect the current views of management with respect to future events and are subject to certain risks, uncertainties, and assumptions. Should one or more of these risks or uncertainties materiaIize or should underIying assumptions prove incorrect, actual results may vary materially from those described herein as anticipated, believed, expected, or described pursuant to similar expressions.
--e2bf01dc2f022f8d623db27cb55511d5--

.
>


InvestorAlerts@mydomain.com



10x

ray

Qmail problem
« Reply #1 on: Feb 12, 2006, 17:17 »
Hello,
What you describe looks like an "open relay" server.
Every such server is a gold mine for spammers!!!
Check what is in the /var/qmail/control/rcpthosts file; it must not be empty.
For instructions (documentation) see: www.lifewithqmail.org (this is explained there).
Run: "#cat /var/qmail/control/rcpthosts".
Good luck. Rumen

dunamis

Qmail problem
« Reply #2 on: Feb 12, 2006, 17:28 »
The file is not empty; it contains all the locally hosted domains.
Besides that, SMTP_AUTH is enabled. And the message itself is constructed in a very peculiar way. Look at the closing brackets of the reply-to and from fields.

It seems to me that something like this is happening:
they send an email to a real user, and that email confuses qmail, which starts sending it on to the addresses in the hidden BCC field.

I don't know whether something like this is possible!

ray

Qmail problem
« Reply #3 on: Feb 12, 2006, 17:42 »
Hello,
Which program checks the username/password for SMTP-AUTH, or are you using POP-before-SMTP for auth?
What are the settings in /etc/tcp.smtp or something similar (for me it is /etc/tcprules.d/tcp.qmail-smtp, on Gentoo)?
Did you compile the tcp-smtp.cdb database after any changes?
Rumen

dunamis

Qmail problem
« Reply #4 on: Feb 12, 2006, 18:37 »
This is what is in the file you are asking about:
127.:allow,RELAYCLIENT=""

I am not using POP-before-SMTP but the smtp-auth patch for Qmail, which requires the user to enter the real email and password they use for POP3 access. The users and passwords themselves are stored in an SQL database.

ray

Qmail problem
« Reply #5 on: Feb 12, 2006, 19:17 »
Hello,
Could it be one of the users, or someone else with another person's password?
There was a site (search Google) that checks for "open-relay"; run a check there. It can also be done manually with 'telnet' on the local machine, but I don't remember the exact commands.
Good luck. Rumen

dunamis

Qmail problem
« Reply #6 on: Feb 12, 2006, 23:40 »
Hm... could some Apache worm be doing it? Because uid 48 is Apache's uid!

dunamis

Qmail problem
« Reply #7 on: Feb 13, 2006, 00:31 »
Looks like it is PHP form injection.
I'm going to kill these coders, as soon as I find the form that is spewing like this?!@#?#@$%
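
Added example, not part of the original thread: a Python triage script for the symptoms discussed above. It reads qmail's "invoked by uid" trace line to find which local account injected the message (uid 48 in the thread), flags duplicated headers and a recipient header appearing in the body, and shows the CR/LF check a form handler needs before putting user input into a header. Function names and the sample message are constructed for illustration.

```python
import re

# qmail's trace line for mail injected locally (no SMTP hop), as in the first post:
# "Received: (qmail 14716 invoked by uid 48); 11 Feb 2006 04:03:46 -0800"
QMAIL_LOCAL = re.compile(r"^Received: \(qmail \d+ invoked by uid (\d+)\)")
FIELD = re.compile(r"^([A-Za-z][A-Za-z0-9-]*):")
ONCE_ONLY = {"from", "subject", "mime-version", "content-type", "reply-to"}
RECIPIENT = {"to", "cc", "bcc"}


def split_message(raw):
    """Split a raw message into header lines and body lines at the first blank line."""
    lines = raw.replace("\r\n", "\n").split("\n")
    cut = lines.index("") if "" in lines else len(lines)
    return lines[:cut], lines[cut + 1:]


def origin_uid(raw):
    """Return the uid that first injected the message, or None if the first hop was not local."""
    headers, _ = split_message(raw)
    # Each hop prepends its Received line, so the bottom one is the oldest.
    received = [h for h in headers if h.startswith("Received:")]
    match = QMAIL_LOCAL.match(received[-1]) if received else None
    return int(match.group(1)) if match else None


def injection_signs(raw):
    """Heuristic: list header anomalies of the kind visible in the quoted message."""
    headers, body = split_message(raw)
    names = [m.group(1).lower() for m in map(FIELD.match, headers) if m]
    signs = [f"duplicate header: {n}" for n in sorted(ONCE_ONLY) if names.count(n) > 1]
    for line in body:
        m = FIELD.match(line)
        if m and m.group(1).lower() in RECIPIENT:
            signs.append(f"recipient header in body: {m.group(1).lower()}")
    return signs


def clean_header_value(value):
    """Reject form input containing CR or LF before it is placed in a mail header."""
    if "\r" in value or "\n" in value:
        raise ValueError("line break in header value")
    return value.strip()


# Constructed sample shaped like the message in the first post (placeholder addresses).
SAMPLE = "\n".join([
    "Received: (qmail 14836 invoked by uid 634); 11 Feb 2006 04:03:53 -0800",
    "Received: (qmail 14716 invoked by uid 48); 11 Feb 2006 04:03:46 -0800",
    "To: support@example.com",
    "Subject: contact form",
    'From: "a@example.com" <a@example.com',
    "Content-Type: multipart/mixed; boundary=xyz",
    "From: a@example.com",
    "Subject: second subject",
    "",
    "first body copy",
    ">",
    "bcc: rcpt1@example.net, rcpt2@example.net",
    "",
    "second body copy",
])
```

The uid returned by `origin_uid` can be looked up in /etc/passwd to see which local account handed the message to qmail; on the poster's system uid 48 was Apache.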