[Mimedefang] dictionary attacks looking for a valid user

[David F. Skoll]

Ian Mitchell wrote:

> 1. Tail maillog
> 2. grep "user unknown"
> 3. sed relay server
> 4. insert into database "relay server" (which just happens to be spoofed
> to include a "; drop database mysql" encoded in some obscure form)

Any time you use outside data, you have to sanitize it.  You'd use
normal careful programming techniques to avoid SQL injection; it's not
that hard.

Regards,

David.