[Mimedefang] Lessons learned...

[Kelson]

Ben Kamen wrote:
> Turns out, a web script I wrote OH so long ago was being utilized for 
> sending
> spam.

I had a similar experience a couple of years ago.  Fortunately we caught 
it while they were still just sending probes.  In our case it was a 
header injection attack.  So I went through and audited all our email 
scripts to see how well they validated input.

> So it's fixed. The spammer thinks he's still sending spam, but actually,
> I'm logging all the places he's trying to SPAM along with the message content.
> 
> Hmmm... pipe it into SPAM? It's a full email file! hahaha.. 

Sneaky!

-- 
Kelson Vibber
SpeedGate Communications <www.speed.net>