Question : PHP security issues leading to Spam (mail header injection) / Setting Sendmail restrictions
Background Information - What is email header injection? Email header injection is the process of sticking extra data into a form field so that new headers are generated in the email. Imagine a text field for the email's subject. Without proper checks, it is easy for someone to bypass the (very basic) form restrictions and insert a multi-line entry. So not only would they be giving the email a subject line, but perhaps also adding in a few lines of BCC: [email protected], user2@domain.com etc. The email would then be sent to multiple people (with the message of their choosing in the body). This is a very simple example, and there are many more complicated methods, but it is the #1 most common problem with email forms, and why so many people suddenly discover that their server has been sending out a massive amount of spam.
My question : We host some clients' sites on a dedicated server rented from a datacenter. We have recently become the targets of spam attacks from those despicable spammers. They somehow locate vulnerable forms in our clients' sites and use them to relay huge amounts of spam emails. This attack, known as "mail header injection", has become a serious issue as our server was so overloaded it went down for hours in some cases, not to mention we receive legitimate spam complaints. We know how to locate potentially dangerous forms called formmail.* for example, and we know how to secure them with a session cookie or Turing code. My question is, because there is no way we can monitor every file users upload on the server, to know if such a case were to occur again, how could we immediately find out which client domain is sending the spam? (We installed log files from the sendmail but they wouldn't give us the correct domain.) I would be interested in a general monitoring solution letting us know how many emails are sent and received by each domain, such as isoqlog: opinions on that? Anything better? More generally, I know there are some drastic solutions to limit the use of the PHP mail function - I see no legitimate reason why a client would have to send more than a few mails an hour, so can we set that limit server-wide? That server is a Fedora Linux machine running Plesk.
Thank you for your time and expertise.
Answer : PHP security issues leading to Spam (mail header injection) / Setting Sendmail restrictions
Hmmm.....
I can't think of an easy way to control this in a *stock* sendmail environment. There may be a local "check_rcpt" rule you can write... I'm not really that skilled in the internals of sendmail rulesets. I can imagine it's possible, but I don't know how to write it.
What is probably a bit easier is to use the MILTER interface - this allows third-party software to participate in the SMTP conversation, at every step from HELO through past the DATA step (basically up to the point where the message is accepted and queued). MIMEDefang (http://www.mimedefang.org) is an example, although I'm not sure it'll do what you want.
Anyway, my idea is to use a MILTER to reject E-Mail where BCC (or perhaps even CC) is used.
One thing you *can* do in the stock sendmail environment is limit the number of recipients per message, and the rate of connection from the PHP-hosting server. See this PAQ for some ideas --> http://www.experts-exchange.com/Networking/Email_Groupware/Sendmail/Q_21322113.html
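For the form-level side of the problem the question describes (a multi-line subject or From field smuggling extra Bcc: headers into mail()), here is an added PHP example of a hardened contact-form handler; it is not code from the original post, and the function names, the length cap and the sample inputs are my own assumptions.

```php
<?php
// Added example: a hardened wrapper around PHP's mail() for a contact form.
// User-supplied header fields are rejected outright if they contain a line
// break (raw or percent-encoded), because a CR/LF is exactly what lets an
// attacker append extra "Bcc:" lines to the Subject or From header.

function headerIsSafe(string $value): bool
{
    // Reject CR, LF, NUL and their URL-encoded forms; cap the length as well
    // (200 is an assumed limit suitable for a subject line).
    if (strlen($value) > 200) {
        return false;
    }
    return preg_match('/[\r\n\0]|%0[aAdD]/', $value) !== 1;
}

function validEmail(string $address): bool
{
    // Exactly one address; FILTER_VALIDATE_EMAIL rejects embedded whitespace,
    // line breaks and comma-separated lists.
    return filter_var($address, FILTER_VALIDATE_EMAIL) !== false;
}

function sendContactMail(string $to, string $fromInput, string $subjectInput, string $body): bool
{
    if (!headerIsSafe($subjectInput) || !validEmail($fromInput)) {
        // Log the rejection so the hosting side can see which vhost is being probed.
        error_log('contact form: header injection attempt rejected');
        return false;
    }
    // The recipient is fixed server-side: user input never chooses who receives mail.
    $headers = "From: $fromInput\r\n" .
               "Reply-To: $fromInput\r\n" .
               "X-Mailer: PHP/" . phpversion();
    return mail($to, $subjectInput, $body, $headers);
}

// Constructed inputs for illustration: a normal subject and an injected one
// of the kind described in the question (extra Bcc: line after a line break).
$safeSubject     = 'Question about my order';
$injectedSubject = "Hello\r\nBcc: victim1@example.com, victim2@example.com\r\n";

var_dump(headerIsSafe($safeSubject));
var_dump(headerIsSafe($injectedSubject));
```

The error_log() call is what makes the question's "which client domain?" problem tractable from the web side: PHP writes it to the virtual host's error log, so the offending site is identifiable even though sendmail's own log only shows the local user.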