psyko514

First, I got an email like this:

BEGINABCDFORMMAIL*MYDOMAIN*.com/cgi-sys/formmail.plTSTSendMailTSTENDABCD

where *MYDOMAIN* is one of my domain names.

and then approx 300 emails similar to this:

The original message was received at Sun, 18 May 2003 07:05:10 -0400 (EDT)
from server10.webhost.com [66.XXX.XXX.212]


*** ATTENTION ***

Your e-mail is being returned to you because there was a problem with its delivery. The address which was undeliverable is listed in the section labeled: "----- The following addresses had permanent fatal errors -----".

The reason your mail is being returned to you is listed in the section labeled: "----- Transcript of Session Follows -----".

The line beginning with "<<<" describes the specific reason your e-mail could not be delivered. The next line contains a second error message which is a general translation for other e-mail servers.

Please direct further questions regarding this message to your e-mail administrator.

--AOL Postmaster



----- The following addresses had permanent fatal errors -----
<[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>

----- Transcript of session follows -----
... while talking to air-yb03.mail.aol.com.:
>>> RCPT To:<[email protected]>
<<< 550 jusev IS NOT ACCEPTING MAIL FROM THIS SENDER
550 <[email protected]>... User unknown
>>> RCPT To:<[email protected]>
<<< 550 MAILBOX NOT FOUND
550 <[email protected]>... User unknown
>>> RCPT To:<[email protected]>
<<< 550 MAILBOX NOT FOUND
550 <[email protected]>... User unknown
>>> RCPT To:<[email protected]>
<<< 550 MAILBOX NOT FOUND
550 <[email protected]>... User unknown
>>> RCPT To:<[email protected]>
<<< 550 MAILBOX NOT FOUND
550 <[email protected]>... User unknown
>>> RCPT To:<[email protected]>
<<< 550 jusenuf00 IS NOT ACCEPTING MAIL FROM THIS SENDER
550 <[email protected]>... User unknown
>>> RCPT To:<[email protected]>
<<< 550 MAILBOX NOT FOUND
550 <[email protected]>... User unknown

__________________

psyko514

now it seems to me somebody is not only using my server to send out spam, but they're using me as a reply-to address as well, so i'm getting all the bounced emails? am i correct?

__________________

Why

it has to do with the headers in your formmail, the email that all errors and bounces to is yours so they are all coming to you.

if you need help securing this hit me on icq.

psyko514

ok, nevermind, problem solved:
found this amongst all the bounced spam:

"There has been a security hole found that allows formail to be used by unauthorized persons. In effect allowing spam to be sent from your domain. This hole is found in the following scripts."

__________________

vending_machine

Yeah, get the latest formmail script and replace the one you have. The old ones have a serious security hole that spammers love