The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Keep Formmail on your box secure!

Discussion in 'E-mail Discussions' started by dgbaker, Jul 31, 2004.

  1. dgbaker

    dgbaker Well-Known Member
    PartnerNOC

    Joined:
    Sep 20, 2002
    Messages:
    2,578
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Toronto, Ontario Canada
    cPanel Access Level:
    DataCenter Provider
    I've actually used it. It does work well.

    There, there... wipe away those tears...... :D
     
  2. sawbuck

    sawbuck Well-Known Member

    Joined:
    Jan 18, 2004
    Messages:
    1,367
    Likes Received:
    5
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    Discovered one problem for us on the install. In the portion where the cron job is written the extra " after /dev/null gave us an error.

    if [ "$ISCRON" = "y" ];then
    cat > $ISTMP <<EOF
    0 0 * * * root /scripts/chkformmailver >> /dev/null" >> /etc/crontab 2>&1
    EOF
    cat $ISTMP >> /etc/crontab
    rm -f $ISTMP

    Otherwise worked great. Thanks!
     
  3. Kaith Rustaz

    Kaith Rustaz Active Member

    Joined:
    Jun 5, 2002
    Messages:
    37
    Likes Received:
    0
    Trophy Points:
    6
    Ok.... I followed the instructions...

    It said
    ##########################
    # Install is complete #
    # To use run #
    # /scripts/ckformmailver #
    ##########################

    But when I try "/scripts/ckformmailver" I get "bash: /scripts/ckformmailver: No such file or directory"

    I looked in /scripts and it aint there.
    I tried doing a find and well, it wasn't found.

    ??
     
  4. sawbuck

    sawbuck Well-Known Member

    Joined:
    Jan 18, 2004
    Messages:
    1,367
    Likes Received:
    5
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    Should be "chkformmailver" :)
     
  5. Kaith Rustaz

    Kaith Rustaz Active Member

    Joined:
    Jun 5, 2002
    Messages:
    37
    Likes Received:
    0
    Trophy Points:
    6
    Darn typos. :)

    Ok, it works now...I got an email that stated:
    "The following files are old vulnerable versions of matts formmail. These scripts allow spammers to spam thru these scripts inturn making your server a open relay. They should be upgraded immediatly!!!"

    But listed nothing.

    Does that mean it's clear?

    :)
     
  6. sawbuck

    sawbuck Well-Known Member

    Joined:
    Jan 18, 2004
    Messages:
    1,367
    Likes Received:
    5
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    That is my understanding.
     
  7. Kaith Rustaz

    Kaith Rustaz Active Member

    Joined:
    Jun 5, 2002
    Messages:
    37
    Likes Received:
    0
    Trophy Points:
    6
    Ok.

    You get that message either way.

    If it finds something it considers vulnerable, it'll be listed.

    " /home/USER/public_html/cgi-bin/fm.cgi is Version 1.92"

    I edited the script to consider anything under 2.0 of Matts FM hostile. Since the last version I found was 1.92...it should find em all. :) I hope.


    Cool script. Thanks!
     
Loading...

Share This Page