The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Formmail nobody@

Discussion in 'E-mail Discussions' started by latpanel, Jul 7, 2005.

  1. latpanel

    latpanel Well-Known Member

    Joined:
    Jan 23, 2004
    Messages:
    134
    Likes Received:
    0
    Trophy Points:
    16
    I use forms to mail in several pages hosted in my server, the forms use formmail.cgi
    Some days ago I've began to receive emails from those forms sent by nobody@host.myserver.com

    The body begins with the word POSTDATA, and all the fields are filled with readable text and %xx codes.

    I have enabled suexec and I configured WHM to avoid nobody sending emails, but these solutions doesn`t function.

    The next solution I aplied was config a blacklist in SpamAsassin and an email filter to discard this messages.
    But I wonder if this spammer could use my formmail to send spam, and I would like to know if this is a hole in formmail, and how to fix it.

    Any help?
     
  2. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    Joined:
    May 29, 2004
    Messages:
    2,222
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Minneapolis, MN
    I am not sure what version are you using, but in general, Formmail is one of the most insecure scripts. You'll have to get a different, more secure, formmail script. Better yet, use a completely different script.
     
  3. latpanel

    latpanel Well-Known Member

    Joined:
    Jan 23, 2004
    Messages:
    134
    Likes Received:
    0
    Trophy Points:
    16
    I use formmail that is in CPanel, the FormMail Version 3.12c1. I thought it was secure, but perhaps I need to change my mind about it

    Thanks
     

Share This Page