I am trying to recall back at least 2 years, and my notes are poor, and my searching appears to be worse...

Seems I recall that last when I set up my apache server, the spammers were posting to it so it would send out the spam on port 25. There was some conf that I did to block this, but I did not document it, and I can't find any reference to this.

I don't think my memory is that bad, but it IS Sunday...

I don't want to put up this new server and have it flooding the world with spam and then get the server blocked. So do I remember correctly that this was a problem? Is it still, and how is this prevented?

Thanks. Am putting up better notes this time around.

On 3/3/2013 1:30 PM, Robert Moskowitz wrote:
> Seems I recall that last when I set up my apache server, the spammers
> were posting to it so it would send out the spam on port 25. There was
> some conf that I did to block this, but I did not document it, and I
> can't find any reference to this.

a webserver can't send email unless you've got email cgi or forms on/in your webpages

--
john r pierce                                      37N 122W
somewhere on the middle of the left coast

On 03.03.2013 22:30, Robert Moskowitz wrote:
> I am trying to recall back at least 2 years, and my notes are poor, and
> my searching appears to be worse...
>
> Seems I recall that last when I set up my apache server, the spammers
> were posting to it so it would send out the spam on port 25. There was
> some conf that I did to block this, but I did not document it, and I
> can't find any reference to this.
>
> I don't think my memory is that bad, but it IS Sunday...
>
> I don't want to put up this new server and have it flooding the world
> with spam and then get the server blocked. So do I remember correctly
> that this was a problem? Is it still, and how is this prevented?
>
> Thanks. Am putting up better notes this time around.

Don't run doubtful applications together with apache. Then there is little risk of it being misused. Back in the day there was a pretty bad "formmail" cgi around which could easily be misused. Be careful these days with other applications like wordpress and such.

The default SELinux on CentOS prevents apache from sending mail using the sendmail binary:

# getsebool httpd_can_sendmail
httpd_can_sendmail --> off

Alexander

On 03/03/2013 04:33 PM, Reindl Harald wrote:
>
> On 03.03.2013 22:30, Robert Moskowitz wrote:
>> I am trying to recall back at least 2 years, and my notes are poor, and
>> my searching appears to be worse...
>>
>> Seems I recall that last when I set up my apache server, the spammers
>> were posting to it so it would send out the spam on port 25. There was
>> some conf that I did to block this, but I did not document it, and I
>> can't find any reference to this
> what are you speaking about?
> apache is a WEBSERVER and has NOTHING to do with email

There was an attack, and if you search you will find references to it, where the spammers post to your web server in such a way that they relay out port 25. They send to your port 80, but you send out port 25. For example:

http://forums.fedoraforum.org/archive/index.php/t-173601.html

My old server has been running smoothly for over two years, but it is time to bring the software current. I did all the work on this back then, or maybe before and copied from my earlier server. This time I am trying to build everything clean and document every change I make.

On 03.03.2013 22:49, Robert Moskowitz wrote:
> There was an attack, and if you search you will find references to it,
> where the spammers post to your web server in such a way that they relay
> out port 25. They send to your port 80, but you send out port 25. For
> example:
>
> http://forums.fedoraforum.org/archive/index.php/t-173601.html
>
> My old server has been running smoothly for over two years, but it is
> time to bring the software current. I did all the work on this back
> then, or maybe before and copied from my earlier server. This time I am
> trying to build everything clean and document every change I make.

Such a misbehaviour would be caused by a misconfigured apache proxy setup.

Alexander

On 03/03/2013 05:39 PM, Reindl Harald wrote:
>
> On 03.03.2013 22:49, Robert Moskowitz wrote:
>> On 03/03/2013 04:33 PM, Reindl Harald wrote:
>>> On 03.03.2013 22:30, Robert Moskowitz wrote:
>>>> I am trying to recall back at least 2 years, and my notes are poor, and
>>>> my searching appears to be worse...
>>>>
>>>> Seems I recall that last when I set up my apache server, the spammers
>>>> were posting to it so it would send out the spam on port 25. There was
>>>> some conf that I did to block this, but I did not document it, and I
>>>> can't find any reference to this
>>> what are you speaking about?
>>> apache is a WEBSERVER and has NOTHING to do with email
>> There was an attack, and if you search you will find references to it, where the spammers post to your web server
>> in such a way that they relay out port 25. They send to your port 80, but you send out port 25. For example:
>>
>> http://forums.fedoraforum.org/archive/index.php/t-173601.html
> only if you are so stupid and enable proxy-requests and load
> any useless module because it exists - in other words: this
> only affects poorly wrong configured setups which have way
> larger problems as this one

Once upon a time, it worked this way out of the box. I did NOT set up proxy, and I was being pounded, and found I had to turn it off. Now knowing what to look for, I found my notes and it was back on my '07 server.

There is no reason for a general web server to function as a proxy, so for some time it has come with that part commented out. I looked at another '10 box (CentOS 5.5) that had apache installed but never used and the proxy part was commented out.

So yes, anyone turning on proxy today without care gets what they set up. But again, who needs proxying on a general web server?

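Added example (not written by any poster in this thread): a shell function that scans Apache config files for the forward-proxy settings discussed above, reporting an active ProxyRequests On and any AllowCONNECT list that covers port 25, while ignoring commented-out lines. The function name audit_httpd_proxy and the /etc/httpd path in the usage comment are assumptions; Include directives and virtual-host context are not followed.

```shell
#!/bin/sh
# Added example: report active forward-proxy directives in Apache config files.
# Usage: audit_httpd_proxy DIR   (prints findings; returns 1 if any, 0 if clean)
audit_httpd_proxy() {
    findings=$(find "$1" -type f -name '*.conf' -exec awk '
        {
            line = $0
            sub(/^[ \t]+/, "", line)              # directives may be indented
            if (line == "" || line ~ /^#/) next   # commented-out lines are inert
            n = split(line, f, /[ \t]+/)
            d = tolower(f[1])                     # directive names are case-insensitive
        }
        # ProxyRequests On turns the server into a forward proxy.
        d == "proxyrequests" && tolower(f[2]) == "on" {
            printf "%s:%d: forward proxy enabled: %s\n", FILENAME, FNR, line
        }
        # AllowCONNECT takes ports or lo-hi ranges; flag any that cover SMTP (25).
        d == "allowconnect" {
            for (i = 2; i <= n; i++) {
                lo = hi = f[i]
                if (split(f[i], r, "-") == 2) { lo = r[1]; hi = r[2] }
                if (lo + 0 <= 25 && 25 <= hi + 0)
                    printf "%s:%d: CONNECT to port 25 allowed: %s\n", FILENAME, FNR, line
            }
        }
    ' {} +)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Run against a directory given on the command line, e.g. /etc/httpd (assumed path).
if [ "$#" -gt 0 ]; then
    audit_httpd_proxy "$1"
fi
```
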
On Sun, March 3, 2013 18:57, Eddie G. O'Connor Jr. wrote:
> If / when I get the guts to build my own Apache web server...I would
> think that the ONLY way to do it would be to document
> EVERYTHING....sort
> of as a "Just-In-Case" policy?....or is it only after you've built
> it?...and when you make CHANGES to your server....THAT'S when you
> document everything?....
>

The workflow I have adopted with respect to system administration is to use a project management application, such as Trac (originally) or Redmine/ChiliProject (currently), and to open an issue for each activity that I perform on any of my servers.

Therein I record the motivation for the activity, the desired and intended result, and log my time. I also record each problem that is encountered, solutions as they are found, and insights as they are revealed. I attach configuration files, copies of related email messages, and make any notes right on the issue.

As Redmine allows full-text case-insensitive searches I can usually find in fairly short order the details about anything I have done that I can at least dimly recall doing. I add subsequent maintenance events either directly to the original issue or create a new issue and link that to the original. While hardly perfect this practice has saved my behind on several occasions.

In fact I would recommend that one document each package install from the initial selection of the software and go on from there. I have had occasion where the question asked of me was "why was this package selected instead of that package?" Having the answer to hand along with the evidence has short-circuited the blame-game on at least one occasion.

--
***          E-Mail is NOT a SECURE channel          ***
James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3