From owner-freebsd-questions@FreeBSD.ORG Thu Feb 16 00:49:00 2006
Message-ID: <43F3CBF8.2070703@scls.lib.wi.us>
Date: Wed, 15 Feb 2006 18:48:56 -0600
From: Greg Barniskis
To: Glenn McCalley
Cc: freebsd-questions@freebsd.org
Subject: Re: how to tell what ran what
In-Reply-To: <002d01c63274$639f0980$6601a8c0@bnetmd.net>

Glenn McCalley wrote:
> Thanks Brian, that's already tonight's project to run through those logs and
> see if anything jumps out there. What I think he might be doing is either
> POSTing the parameters (which won't show up) or he's loaded a file of email
> addresses and just triggers the mailer with a simple cgi request. Either
> way he's got to be calling sendmail or mail to get it out the door I
> believe.

Actually, they can use a number of other ways to create the outbound SMTP
connections. Perl, for instance, offers the Net::SMTP module (and numerous
others that'd do the trick). They don't need to call on binaries outside of
their own cgi-bin or leave any tracks for you other than a web access log
entry.

You might consider putting your customers in jails with unique IP numbers as
a way to better strain out whose CGI is the source of what packets on your
network. Probably not a trivial change to your working environment, but
maybe worth it in the long run.

--
Greg Barniskis, Computer Systems Integrator
South Central Library System (SCLS)
Library Interchange Network (LINK)
(608) 266-6348
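
Added example, not part of the original message: since a CGI can open SMTP connections itself without invoking sendmail, one way to catch it is to look at which processes hold connections to remote port 25. The filter below reads FreeBSD `sockstat -4 -c` output and reports every such connection not owned by an allowed mailer; the `MTA_CMDS` allowlist, the function names and the sample rows (documentation address ranges) are assumptions made for illustration.

```sh
#!/bin/sh
# Flag outbound SMTP connections made by anything other than the local MTA.
# Input on stdin: output of `sockstat -4 -c` (FreeBSD), columns
#   USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS
# MTA_CMDS is an assumed allowlist of mailer process names; adjust per host.
MTA_CMDS="sendmail postfix smtp exim"

flag_direct_smtp() {
    awk -v mtas="$MTA_CMDS" '
        BEGIN { n = split(mtas, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "USER" { next }              # skip the header row
        $5 !~ /^tcp/ { next }              # SMTP is TCP only
        {
            port = $7; sub(/^.*:/, "", port)   # foreign port
            if (port != "25") next             # not an SMTP destination
            if ($2 in ok) next                 # the MTA itself is expected
            src = $6; sub(/:[^:]*$/, "", src)  # local IP, port stripped
            # With one IP per jail, src identifies the customer jail.
            printf "%s %s %s %s %s\n", $1, $2, $3, src, $7
        }'
}

# Constructed sample of sockstat output (not captured from a real host).
sample_sockstat() {
    cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sendmail   412   4  tcp4   192.0.2.10:51234      198.51.100.7:25
www      perl       9031  5  tcp4   192.0.2.21:49822      203.0.113.40:25
www      httpd      801   12 tcp4   192.0.2.21:80         203.0.113.99:53111
www      perl       9044  3  tcp4   192.0.2.22:50110      203.0.113.41:25
cust3    fetch      9102  3  tcp4   192.0.2.23:50999      198.51.100.80:80
EOF
}

# Demo on the constructed sample; on a live FreeBSD host run instead:
#   sockstat -4 -c | flag_direct_smtp
sample_sockstat | flag_direct_smtp
```

sockstat shows only connections open at the moment it runs, so this is a snapshot to sample repeatedly rather than a log of past activity.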