Re: Re: Re: Port 80 Mail Relay (Spammers Welcome?)

I wasn't advocating SSI, just pointing out that the submission forms weren't static html. You've got the basic idea though... a carefully crafted perl -pi -e 's///' on the existing forms, along with an hourly cron job to update the "secret" key was all it took. Not a great solution, but perhaps good-enough for the short term.

-Blake

Comment on Re: Re: Re: Port 80 Mail Relay (Spammers Welcome?) Download Code

Replies are listed 'Best First'.
Re: Re: Port 80 Mail Relay (Spammers Welcome?) by projekt21 (Friar) on Sep 13, 2001 at 15:30 UTC
How about an encrypted string containing a timestamp (to avaoid the cron job), the recipient address and a secret key that must be passed as hidden input and validated by formmail? alex pleiner <alex@zeitform.de> zeitform Internet Dienste	[reply]
Re:^5 Port 80 Mail Relay (Spammers Welcome?) by blakem (Monsignor) on Sep 13, 2001 at 15:41 UTC
I don't think its worth getting too complicated with it... After all the "password" is sitting right there in the HTML file. No matter how you generate it, someone could easily slurp it up and use it for nefarious purposes. Luckilly, troublemakers usually don't take that extra step, they just move on to the next MSA site. -Blake	[reply]
Re:^6 Port 80 Mail Relay (Spammers Welcome?) by projekt21 (Friar) on Sep 13, 2001 at 19:12 UTC
I don't want to argue, but as I wanted to include the recipient's address into that "password" and let formmail validate that, the spammer would not be able to "use it for nefarious purpose". At least not to send out spam. But anyway, you are right, it's a bit oversized. alex pleiner <alex@zeitform.de> zeitform Internet Dienste	[reply]