On Fri, 4 Jun 1999, Casey Zacek, Perlfectionist <cz(_at_)mindspring(_dot_)net>
reports:
Ok, the box is uhh "box.com".
It has 2 users: mark and juan.
box.com's .procmailrc: (all users are in one .procmailrc)
# Mark's procmailrc
:0 Hhb
* <whatever give a positive match>
* !^X-Loop: mark(_at_)box(_dot_)com
|formail -A"X-Loop: mark(_at_)box(_dot_)com" -R "Cc:" "X-Cc:" -i"To:
juan(_at_)box(_dot_)com" |sendmail -oi -t
# cut here
thus, mark forwards his mail to juan.
Spam C. Evil telnets to box.com port 25 and does something akin to this:
# start telnet session
EHLO evil.spam.com
MAIL From:<spam(_dot_)c(_dot_)evil(_at_)evil(_dot_)spam(_dot_)com>
RCPT To:<mark(_at_)box(_dot_)com>
DATA
Subject: This is evil spam
Apparently-To: <you(_at_)yournicedomain(_dot_)com>
Apparently-To: <me(_at_)mynicedomain(_dot_)com>
Apparently-To: <bob(_at_)bobsnicedomain(_dot_)com>
Apparently-To: <lala(_at_)lalasnicedomain(_dot_)com>
Apparently-To: <etc(_at_)etc(_dot_)com>
This is the body of my evil spam.
.
QUIT
# end telnet session
mark's .procmailrc picks it up, and for some reason, formail goes ahead and
sends to all these Apparently-To: people via sendmail -oi -t.
This can be avoided by changing mark's "formail" commandline to this:
|formail -A"X-Loop: mark(_at_)box(_dot_)com" -R "Cc:" "X-Cc:"
-I"Apparently-To:" -i"To: juan(_at_)box(_dot_)com" |sendmail -oi -t
--
James McGill, perlfectionist VOX: (972) 481-5735 (Dallas)
MindSpring Enterprises, Inc. PCS: (214) 641-4458