httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Reid" <da...@jetnet.co.uk>
Subject Re: Fw: Spam postings via Apache to postfix on the same host
Date Sat, 05 Jul 2003 20:46:25 GMT
I figured as much that's why I cross-posted here from the postfix list :)

I'm +1 on removing the default proxy stuff as well. If not then we should
change it to be secure by default if that's possible.

Hopefully the person concerned found all the interest helpful?

david

----- Original Message -----
From: "Joshua Slive" <joshua@slive.ca>
To: <dev@httpd.apache.org>
Sent: Saturday, July 05, 2003 7:44 PM
Subject: Re: Fw: Spam postings via Apache to postfix on the same host


>
> On Sat, 5 Jul 2003, David Reid wrote:
> > > 203.98.177.86 - - [24/Jun/2003:12:33:27 +0200] "POST
> > > http://xx.xx.xx.xx:25/  HTTP/1.1" 200 208
>
> Yes, it's an apache configuration problem.  They set "ProxyRequests On"
> without properly securing their proxy server.  This means they can be
> abused for tons of purposes, one of which is spam.
>
> One possible thing we could do is simply remove the sample proxy config
> from our default httpd.conf.  These samples make it too easy for people to
> activate a proxy without securing it properly.
>
> Joshua.
>


Mime
View raw message