Jack L. Stone said:
> Ed, your info about Formmail is not correct and is very stale. In fact
> there are more than 2 Million users and the security hole was patched. That
> doesn't mean that some have not kept up to date and don't know about the
> breach of security caused by using the older versions and those older ones
> are most likely the ones you are receiving. The newer versions of formmails
> cannot be sent from any other domain but the authorized host nor to any
> other recipients but the one designated by the authorized host.

Jack --

last time I looked (Jan 2002) there was still a few sizeable holes in
FormMail big enough to drive a tank through -- I cowrote an advisory about
it. 

It looks safer with the current version (1.91), but I'd strongly recommend
people use NMS Formmail instead, it's definitely secure.

--j.


-------------------------------------------------------
This SF.NET email is sponsored by: Take your first step towards giving 
your online business a competitive advantage. Test-drive a Thawte SSL 
certificate - our easy online guide will show you how. Click here to get 
started: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0027en
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Reply via email to