Hi,

On Sun, 29 Jun 2003 12:17:50 -0700 "Spam Sucks" <[EMAIL PROTECTED]> wrote:
> Anyone know what Spamassassin is testing to trip the BUGGY_CGI sensor?
> Is there a web site that lists the tests of each of the default
> settings? I could only find lists of the default scores and descriptions
> (even on the spamassasin.org site).
>
> The message I get is:
>
> BUGGY_CGI (2.8 points) Broken CGI script message
>
> I am using a very simple and standard FormMail form on my website and
> forms sent to me from my own web site are getting marked as spam!

If you are running the original FormMail from Matt's Script Archive (yes, that monstrous security hole distributed from http://worldwidemart.com/scripts/formmail.shtml), you have much bigger problems than setting off your local copy of SpamAssassin.

The original FormMail is so rife with bugs and security holes it's not funny (good news: it no longer offers shell access to your machine; bad news: it still turns your webserver into an open mail relay.) Stop worrying about SpamAssassin until after you replace FormMail with a secure equivalent, such as:

- http://nms-cgi.sourceforge.net/scripts.shtml
- ftp://ftp.monkeys.com/pub/formmail/1.9s/

Details at:

http://www.monkeys.com/anti-spam/formmail-advisory.pdf
or
http://www.monkeys.com/anti-spam/formmail-advisory.ps
http://www.securityfocus.com/corporate/research/top10attacks_q1_2002.shtml

> I also tried giving a negative score to having a particular subject (the
> subject of my form) but couldn't get that to work either.
> [...]
>
> Still didn't work. I have lowered the score of BUGGY_CGI as a
> workaround, but I would like to solve these two problems.

Leave BUGGY_CGI alone; it's doing what it's supposed to do (detecting FormMail spam.) Replace your FormMail script with something that doesn't turn your system into an open relay and SpamAssassin should work as intended, no rule-mangling necessary.

hth,
--
Bob

_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk