I use forms to mail in several pages hosted in my server, the forms use formmail.cgi Some days ago I've began to receive emails from those forms sent by email@example.com The body begins with the word POSTDATA, and all the fields are filled with readable text and %xx codes. I have enabled suexec and I configured WHM to avoid nobody sending emails, but these solutions doesn`t function. The next solution I aplied was config a blacklist in SpamAsassin and an email filter to discard this messages. But I wonder if this spammer could use my formmail to send spam, and I would like to know if this is a hole in formmail, and how to fix it. Any help?