> When I have FormMail generate messages on my server, they're getting
> caught by SA. Here's what I'm getting:
[ Recycling large comments by Bob Apthorpe about this topic 2 months ago, just some changes to fit better. ;) ]

The original FormMail from Matt's Script Archive (yes, that monstrous security hole distributed from http://worldwidemart.com/scripts/formmail.shtml) is so rife with bugs and security holes it's not funny (good news: it no longer offers shell access to your machine; bad news: it still turns your webserver into an open mail relay.)

Secure equivalents:

- http://nms-cgi.sourceforge.net/scripts.shtml
- ftp://ftp.monkeys.com/pub/formmail/1.9s/

Details at:

http://www.monkeys.com/anti-spam/formmail-advisory.pdf
or
http://www.monkeys.com/anti-spam/formmail-advisory.ps
http://www.securityfocus.com/corporate/research/top10attacks_q1_2002.shtml

> I understand that BUGGY_CGI is just looking for:
> "Below is the result of your feedback form".
> It seems that this will severely penalize any FormMail messages. Should
> I disable this? Should I edit all copies of FormMail on my server?

Leave BUGGY_CGI alone; it's doing what it's supposed to do (detecting FormMail spam.) Replace your FormMail script with something that doesn't turn your system into an open relay and SpamAssassin should work as intended, no rule-mangling necessary.

...guenther

--
char *t="[EMAIL PROTECTED]";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
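
An added example, not part of the original post and not code from FormMail or the replacements linked above: a Python sketch of the server-side checks that keep a form-to-mail handler from acting as an open relay. The allow-list, the addresses, the form field names and all function names are assumptions made for illustration.

```python
import re

# Constructed configuration (assumption): the only addresses forms may mail to.
ALLOWED_RECIPIENTS = {"webmaster@example.org", "sales@example.org"}
MAX_RECIPIENTS = 2
# Conservative address shape: no whitespace, commas or control characters.
ADDR_RE = re.compile(r"[A-Za-z0-9._+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")


class RejectedSubmission(ValueError):
    """Raised when a submission must not be turned into mail."""


def clean_header(name, value, limit=200):
    """Refuse header values that could start a new header line."""
    if "\r" in value or "\n" in value or len(value) > limit:
        raise RejectedSubmission(f"bad {name} value")
    return value.strip()


def resolve_recipients(form_value):
    """Accept the form's recipient field only if every address is allow-listed."""
    candidates = [a.strip().lower() for a in form_value.split(",") if a.strip()]
    if not candidates or len(candidates) > MAX_RECIPIENTS:
        raise RejectedSubmission("recipient count")
    for addr in candidates:
        if not ADDR_RE.fullmatch(addr) or addr not in ALLOWED_RECIPIENTS:
            raise RejectedSubmission(f"recipient not allowed: {addr!r}")
    return candidates


def build_envelope(form):
    """Return (recipients, headers) for a submission or raise RejectedSubmission."""
    rcpts = resolve_recipients(form.get("recipient", ""))
    headers = {
        "To": ", ".join(rcpts),
        "Subject": clean_header("subject", form.get("subject", "Feedback form")),
    }
    reply_to = form.get("email", "").strip()
    if reply_to:
        # The visitor's address is untrusted input too: one plain address only.
        if not ADDR_RE.fullmatch(reply_to):
            raise RejectedSubmission("bad email value")
        headers["Reply-To"] = reply_to
    return rcpts, headers
```

The recipient list is decided by the server's configuration, so a request naming any other address is dropped before anything is handed to the mail program.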