Aug. 9th, 2006

orinoco77: (Default)
As already noted on affordable-wombles, I've finally (I think) figured out where the occasional random deluge of spam my poor mailserver has to put up with comes from. The culprit isn't the mailserver, or any of the tools I'm using to keep the spam down, it's my webserver. I have comment forms on affordable-wombles and shiny. It looks like these are being exploited to trick the mailserver into sending mail it would otherwise completely ignore. Anything dropped into the queue by the user www-data bypasses most of the checks that keep these things out (sender checks, auth checks, that sort of thing) and so they just clog up the server (with the occasional one getting sent to an unfortunate, badly configured mailserver). I've stopped the scripts sending mail for now, just to see what happens. Hopefully I can confirm that's the culprit and fix it.

*sigh*

[Posted with hblogger 2.0 http://www.normsoft.com/hblogger/]
orinoco77: (Default)
It looks like that was the problem. Haven't had anything new spamwise today. I still haven't been able to reproduce the problem. I think I might have to do the POST manually and see what happens. I'm not sure it's possible to get the form itself to do the spamming as it passes certain things around unavoidably which would mean the message gets written to the database. The script that actually does the posting only knows what it gets told however, so if you pass an entry id that isn't valid, it won't get written to the database, but it *will* get emailed (which was a stupid thing to do, I admit, I'm not sure what I was trying to achieve there). Anyway, there's a simple fix. The exploit relies on being able to inject \n into the mail() command. It's trivial to block that, so I guess I will. Wish I hadn't spent so long looking into the notion that postfix was causing the problem.
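The two fixes described in the posts above (refuse line breaks in anything that reaches a mail header, and do not send mail for an entry id that does not exist), sketched as an added example that is not the author's script. It assumes the script is PHP, since it calls mail(); the field names, addresses, `header_safe()` and `build_notification()` are hypothetical, and the sample submissions are constructed.

```php
<?php
// Added example: hypothetical comment-notification helper, not the blog's own code.

// A value bound for a mail header must not contain CR, LF or NUL.
function header_safe(string $value): bool
{
    return preg_match('/[\r\n\0]/', $value) === 0;
}

// Return the arguments for mail(), or null if the submission must be dropped.
// $validEntryIds stands in for the database lookup the real script would do.
function build_notification(array $post, array $validEntryIds): ?array
{
    foreach (['entry_id', 'name', 'email', 'comment'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field])) {
            return null; // missing field or array-valued input
        }
    }
    // Only send mail about comments that belong to a real entry.
    if (!ctype_digit($post['entry_id'])
        || !in_array((int) $post['entry_id'], $validEntryIds, true)) {
        return null;
    }
    // Header-bound fields: no line breaks, and the address must parse.
    if (!header_safe($post['name']) || !header_safe($post['email'])
        || filter_var($post['email'], FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    return [
        'to'      => 'owner@example.org', // fixed recipient, never taken from the form
        'subject' => "Comment from {$post['name']} on entry {$post['entry_id']}",
        'body'    => $post['comment'],    // the body may contain newlines
        'headers' => "From: comments@example.org\r\nReply-To: {$post['email']}",
    ];
}

// Constructed sample submissions.
$validEntryIds = [12, 13];
$samples = [
    'normal comment'   => ['entry_id' => '12', 'name' => 'Ann', 'email' => 'ann@example.com', 'comment' => "Hi\nthere"],
    'unknown entry id' => ['entry_id' => '999', 'name' => 'Ann', 'email' => 'ann@example.com', 'comment' => 'Hi'],
    'newline in email' => ['entry_id' => '12', 'name' => 'Ann', 'email' => "ann@example.com\nX-Injected: yes", 'comment' => 'Hi'],
];
foreach ($samples as $label => $post) {
    $msg = build_notification($post, $validEntryIds);
    echo str_pad($label, 18), $msg === null ? "dropped\n" : "would call mail()\n";
}
```

Only the first sample reaches mail(); the other two are dropped before any message is queued.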