httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jason S" <>
Subject Re: [users@httpd] Formmail replacement
Date Fri, 21 Feb 2003 15:48:03 GMT
>I've got some FormMail abuse on a server running a couple of hundred
vhosts. Our users insist on not >updating or properly configuring their
copies of FormMail resulting in the usual spam abuse. I would like to >lock
down FormMail in the most effective yet least invasive way, ie something
that doesn't require >contacting lots of customers

>Solution wise i've got a couple. a) Only allow external mail from that box
to go to our subnet and force >users to direct mail to their popboxes to
retrieve FormMail output.  b) Write a script to search through >each cgi-bin
dir and find a copy of FormMail, copy the relevant variables, replace with
nms-FormMail >with the required variables inserted.  c) Ask users to please
replace their files ( obviously this one's unlikely >to occur )

>How would you worldly wise Apache folk go about this ?

You could use this script:
to check/disable vulnerable (if that's what you're using)
scripts on your server. Notify your customers that their scripts will be
disabled unless they upgrade or stop using

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message