PLEASE! httpd and maildrop


PLEASE! httpd and maildrop

Homer Wilson Smith-3

    How exactly does httpd drop mail into maildrop hundreds
per minute and I can't find any process at all that indicates this
is going on even while it is going on.

    Homer

------------------------------------------------------------------------
Homer Wilson Smith   Clean Air, Clear Water,    Art Matrix - Lightlink
(607) 277-0959       A Green Earth, and Peace,  Internet, Ithaca NY
[hidden email]  Is that too much to ask?   http://www.lightlink.com

Re: PLEASE! httpd and maildrop

Wietse Venema
Homer Wilson Smith:
>
>     How exactly does httpd drop mail into maildrop hundreds
> per minute and I can't find any process at all that indicates this
> is going on even while it is going on.

It invokes /usr/sbin/sendmail. See also:

http://www.postfix.org/postconf.5.html#authorized_submit_users

        Wietse

Re: PLEASE! httpd and maildrop

Noel Jones-2
In reply to this post by Homer Wilson Smith-3
On 6/14/2017 12:52 PM, Homer Wilson Smith wrote:

>
>    How exactly does httpd drop mail into maildrop hundreds
> per minute and I can't find any process at all that indicates this
> is going on even while it is going on.
>
>    Homer
>
> ------------------------------------------------------------------------
>
> Homer Wilson Smith   Clean Air, Clear Water,    Art Matrix - Lightlink
> (607) 277-0959       A Green Earth, and Peace,  Internet, Ithaca NY
> [hidden email]  Is that too much to ask?  
> http://www.lightlink.com


Usually this is caused by an insecure web form calling the sendmail
command.

You'll need to go through your httpd logs to find what form is being
abused, and either fix that form or remove it.

A temporary fix is to disallow whatever user httpd runs as from using
the sendmail command:

# main.cf
authorized_submit_users = !www, static:all

Where www is the user your httpd runs as.
http://www.postfix.org/postconf.5.html#authorized_submit_users

Of course the other temporary fix is to turn off the httpd service.




  -- Noel Jones
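
Added example, not part of the original thread: one way to do the log review described above is to find the minutes in which the httpd user queued mail through the sendmail command (Postfix logs these as postfix/pickup lines with the submitting uid) and then list the POST targets hit in those same minutes. The log lines, uid 48, paths and addresses are constructed; it assumes Apache combined-format access logs and that both logs use the same time zone.

```python
import re
from collections import Counter

# Constructed sample data (not from the thread); uid 48 is assumed to be the httpd user.
MAILLOG = """\
Jun 14 12:50:01 mx postfix/pickup[2101]: 3F2A1C0001: uid=48 from=<www>
Jun 14 12:50:02 mx postfix/pickup[2101]: 3F2A1C0002: uid=48 from=<www>
Jun 14 12:50:04 mx postfix/pickup[2101]: 3F2A1C0003: uid=48 from=<www>
Jun 14 12:51:30 mx postfix/pickup[2101]: 3F2A1C0004: uid=1000 from=<homer>
"""
ACCESSLOG = """\
192.0.2.10 - - [14/Jun/2017:12:50:01 -0400] "POST /forms/contact.php HTTP/1.1" 200 312
192.0.2.10 - - [14/Jun/2017:12:50:02 -0400] "POST /forms/contact.php HTTP/1.1" 200 312
192.0.2.11 - - [14/Jun/2017:12:50:03 -0400] "GET /index.html HTTP/1.1" 200 5120
192.0.2.10 - - [14/Jun/2017:12:50:04 -0400] "POST /forms/contact.php?x=1 HTTP/1.1" 200 312
198.51.100.7 - - [14/Jun/2017:12:51:30 -0400] "POST /login.php HTTP/1.1" 302 0
"""

# Syslog line from the pickup daemon: month, day, hour, minute, submitting uid.
PICKUP = re.compile(r"^(\w{3})\s+(\d+) (\d\d):(\d\d):\d\d \S+ postfix/pickup\[\d+\]: "
                    r"\w+: uid=(\d+) from=<")
# Access log line: client, day, month, hour, minute, POST target.
ACCESS = re.compile(r'^(\S+) \S+ \S+ \[(\d+)/(\w{3})/\d{4}:(\d\d):(\d\d):\d\d [^\]]+\] '
                    r'"POST (\S+)')

def busy_minutes(maillog, httpd_uid, threshold):
    """Minutes in which httpd_uid queued at least `threshold` messages via sendmail."""
    per_minute = Counter()
    for line in maillog.splitlines():
        m = PICKUP.match(line)
        if m and int(m.group(5)) == httpd_uid:
            per_minute[(m.group(1), int(m.group(2)), m.group(3), m.group(4))] += 1
    return {minute for minute, n in per_minute.items() if n >= threshold}

def suspect_forms(accesslog, minutes):
    """Count (POST path without query string, client) pairs seen in those minutes."""
    hits = Counter()
    for line in accesslog.splitlines():
        m = ACCESS.match(line)
        if m and (m.group(3), int(m.group(2)), m.group(4), m.group(5)) in minutes:
            hits[(m.group(6).split("?", 1)[0], m.group(1))] += 1
    return hits.most_common()

if __name__ == "__main__":
    for (path, client), n in suspect_forms(ACCESSLOG, busy_minutes(MAILLOG, 48, 3)):
        print(n, path, client)
```

The script at the top of the output is the first candidate to fix or remove; the authorized_submit_users setting above stops the submissions in the meantime.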