[thelist] FW: For formmail users: Anonymous Mail Forwarding Vulnerabilities in FormMail 1.9

Mark Groen mark at markgroen.com
Thu Jan 24 08:56:11 CST 2002


----- Original Message -----
From: "Chris Cassell" <chris at chriscassell.net>
To: <thelist at lists.evolt.org>
Sent: January 24, 2002 6:15 AM
Subject: Re: [thelist] FW: For formmail users: Anonymous Mail Forwarding
Vulnerabilities in FormMail 1.9


>
> >
> >SUMMARY: FormMail 1.9 is the functional equivalent of an anonymizing
> >open mail relay.
>
> I'm certainly no perl expert by a long shot. I've set up a version of
> FormMail, modified so that the @recipients list isn't even referenced,
> instead hard coding the To: header in my script. Is this considered
secure
> from spammers, or am I being naive?
>
> Chris
>
 I joined a couple Perl lists to learn more about it after running into
some problems with Matt's Scripts, and the general consensus was that it
was a shame they were so ubiquitous while at the same time so unsecured
and buggy. Along the way, I ran across this Source-Forge sponsored site
by Dave Cross:
http://nms-cgi.sourceforge.net/ They are running a couple forums and are
working on replacing all of Matt's Scripts with ones written from the
London Perl Mongers:
http://london.pm.org/  Their library isn't large yet, but they have the
basic forms done now.

HTH!

Mark Groen

MG Web Services
Web Site Hosting and Development
www.markgroen.com
mark at markgroen.com
604-780-6917
Vancouver, Canada






More information about the thelist mailing list