httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joshua Slive" <jos...@slive.ca>
Subject RE: formmail.pl and redirection
Date Tue, 12 Mar 2002 21:24:06 GMT

> From: M.v.Buytene [mailto:martijn@sigterm.nl]

> He cant hardcode recipients into his formmail.pl.
> He wants to rewrite customers formmail.pl's and dont knows who the
> customers recipients i guess. I bet he does the antispam after the
> formmail.pl
> with a nifty senmail cfg.

I wouldn't bet.  I would check to be sure.  It would take a VERY special
sendmail config to handle this.

In general, formmail.pl is completely insecure and shouldn't be used.  The
most recent version (after August 2001) can be setup not to allow abuse, if
you are *very* careful.  The "referer" check is pointless, but there is a
new "recipients" check which can be used to limit abuse if you configure it
correctly.  Of course, that will be very difficult if you are talking about
hundreds of domains.

Joshua.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message