On Wed, Sep 07, 2005 at 09:58:35AM -0400, [EMAIL PROTECTED] wrote: > > Our largest issue with these web form mail exploits is not really > > spam-related (in terms of scripts causing our web servers to become spam > > relays); our clients are receiving these fake forms (obviously generated > by > > Can the script be coded to look for bcc: in a field that shouldn't have it
The best protection is to look for embedded CR or LF characters in a field that should not contain such characters, like the Subject, To, From or any other field that would end up in a header. If there are any, just reject with an error. You might want to ignore newlines just before the end of string to work around some buggy browsers. -- #!perl -wpl # mmfppfmpmmpp mmpffm <[EMAIL PROTECTED]> $p=3-2*/[^\W\dmpf_]/i;s.[a-z]{$p}.vec($f=join('',$p-1?chr(sub{$_[0]*9+$_[1]*3+ $_[2]}->(map{/p|f/i+/f/i}split//,$&)+97):qw(m p f)[map{((ord$&)%32-1)/$_%3}(9, 3,1)]),5,1)='`'lt$&;$f.eig; # Jan-Pieter Cornet _______________________________________________ Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang