Bah!!
##############################################################################
# FormMail Version 1.6
#
# Copyright 1995-1997 Matt Wright mattw@worldwidemart.com
#
# Created 06/09/95 Last Modified 05/02/97
#
# Matt's Script Archive, Inc.: http://www.worldwidemart.com/scripts/
#
##############################################################################
I found them!! I modified them with the following command:
rm formmail.pl
Thanks for the advice! Saved me a lot of time, that would explain why the
bounce messages were returning to the user nobody@superfreeway.com.
Though, I am still confused with the odd output of your nmap run.
Aharon
On Tue, 5 Jun 2001, herrold wrote:
> On Tue, 5 Jun 2001, Aharon wrote:
>
> > Another thing I have noticed is that all the bounced messages are going to
> > nobody@superfreeway.com ... The only processes which run as nobody is
> > httpd. But, this may be standard if sendmail has no idea where to send
> > the bounce message.
>
> Dollars to doughnuts, you or one of your users is running the Matt
> Script Archive formmail ... there is a script vulnerability which
> allows you to be used as a relay -- and then the RBL got you.
>
> There is a domain check, and if the referred variable is NULL, it
> ALLOWS the post -- so the script needs to have that path removed. I
> had the misfortune of discovering that an end user had installed the
> script (unsafely), and opened a host at a site I admin
> professionally.
>
> -- Russ
>
> ------------------
>
> That host is also offering an awful lot of services. Is that
> intentional?
>
> [herrold@swampfox herrold]$ nmap mail.superfreeway.com
>
> Starting nmap V. 2.3BETA10 by Fyodor (fyodor@dhp.com,
> www.insecure.org/nmap/)
> Interesting ports on (63.140.74.37):
> (Ports scanned but not shown below are in state: filtered)
> Port State Protocol Service
> 21 open tcp ftp
> 23 open tcp telnet
> 25 open tcp smtp
> 43 unfiltered tcp whois
> 53 open tcp domain
> 80 open tcp http
> 110 open tcp pop-3
> 113 open tcp auth
> 143 unfiltered tcp imap2
> 443 unfiltered tcp https
> 6666 unfiltered tcp irc-serv
> 6667 unfiltered tcp irc
> 6668 unfiltered tcp irc
> 7000 unfiltered tcp afs3-fileserver
>
> Nmap run completed -- 1 IP address (1 host up) scanned in 313 seconds
> [herrold@swampfox herrold]$ telnet mail.superfreeway.com ftp
>
>
--
vgextend /dev/myself /dev/nichole /dev/sarah /dev/misty /dev/julie
"I extend myself over many women - Aharon"
Unix Administrator Tampa, Florida
Websites: http://www.tamparacing.com http://www.ls6.com http://www.lastgen.com
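
An added example, not part of the original thread and not FormMail's own code: the referer check Russ describes, written fail-open (empty referer allowed) beside a fail-closed form, plus a scan of web server logs for POSTs to the script that the fail-closed check would have refused. The allowed host, the combined log format and the sample log lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: the only host whose pages may post to the form script.
ALLOWED_HOSTS = {"www.example.com"}

def referer_ok_fail_open(referer):
    """Behaviour described in the thread: a missing Referer is allowed."""
    if not referer:
        return True
    return urlsplit(referer).hostname in ALLOWED_HOSTS

def referer_ok_fail_closed(referer):
    """Same domain check with the empty-Referer path removed."""
    if not referer:
        return False
    return urlsplit(referer).hostname in ALLOWED_HOSTS

# Apache "combined" log format (assumed for the sample below).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)

def suspicious_posts(lines, script="formmail.pl"):
    """Return (ip, path, referer) for POSTs to the script that fail closed."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if not m["path"].split("?")[0].lower().endswith("/" + script):
            continue
        referer = "" if m["referer"] == "-" else m["referer"]
        if not referer_ok_fail_closed(referer):
            hits.append((m["ip"], m["path"], referer or None))
    return hits

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Jun/2001:10:00:01 -0400] "POST /cgi-bin/formmail.pl HTTP/1.0" 200 312 "http://www.example.com/contact.html" "Mozilla/4.0"',
    '198.51.100.7 - - [05/Jun/2001:10:00:05 -0400] "POST /cgi-bin/formmail.pl HTTP/1.0" 200 298 "-" "-"',
    '198.51.100.7 - - [05/Jun/2001:10:00:06 -0400] "POST /cgi-bin/FormMail.pl HTTP/1.0" 200 298 "http://other.example.net/x" "-"',
    '203.0.113.4 - - [05/Jun/2001:10:00:09 -0400] "GET /index.html HTTP/1.0" 200 1024 "-" "Mozilla/4.0"',
]

if __name__ == "__main__":
    for hit in suspicious_posts(SAMPLE_LOG):
        print(hit)
```

Referer is a client-supplied header, so the fail-closed form only removes the empty-referer path; it does not authenticate the sender.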
This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 17:56:56 EDT