yesterday a spamer used my server, cobalt raq3, for spamming.
I stopped sendmail and I am now checking all sites for a formmail script. I found 3 of them already.
However, in the log, it is said that user
xxxxxx is the sender of the mail:
this is a part of the maillog:
Older versions of FormMail are prone to being spammed off.
What you can do is:
1. tell your clients to upgrade to the newest formmail
2. tell your clients to rename the current FormMail.pl file to something else. This is because spammers search for the exact phrase FormMail.pl via search engines to locate spam easy accounts.
Precautions are just to locate FormMail.pl or renamed versions of the scripts on the server. Inform client.
Make sure POP before SMTP is enabled on the server.
As for the question above, off course you will see the username as the sender, this is because the user uploaded the file and it has his ownership for the file.
Hope this helps.
The account is not compromised BTW.....its just a bug in older versions of FormMail which allows spammers to spam right off the website.