httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jason S" <jasonsm...@knology.net>
Subject Re: [users@httpd] Formmail replacement
Date Fri, 21 Feb 2003 15:48:03 GMT
>I've got some FormMail abuse on a server running a couple of hundred
vhosts. Our users insist on not >updating or properly configuring their
copies of FormMail resulting in the usual spam abuse. I would like to >lock
down FormMail in the most effective yet least invasive way, ie something
that doesn't require >contacting lots of customers

>Solution wise i've got a couple. a) Only allow external mail from that box
to go to our subnet and force >users to direct mail to their popboxes to
retrieve FormMail output.  b) Write a script to search through >each cgi-bin
dir and find a copy of FormMail, copy the relevant variables, replace with
nms-FormMail >with the required variables inserted.  c) Ask users to please
replace their files ( obviously this one's unlikely >to occur )

>How would you worldly wise Apache folk go about this ?


You could use this script: http://geocities.com/inwebsys/check_formmail.tgz
to check/disable vulnerable FormMail.pl (if that's what you're using)
scripts on your server. Notify your customers that their scripts will be
disabled unless they upgrade or stop using FormMail.pl.



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message