formmail.pl is a script known to be exploited by spammers in the way you describe.
We get many hits from people searching for this script every day, even though it does not exist on our servers. The script should be removed, and any attemps to exploit it reported to the exploiter's service provider. The person(s) in your organization claiming that they need this script should look for alternatives. For reports on problems with this script along with others from Matt's Script Archive search an archives for a Perl newsgroup, and you will find it discussed. Another script that people try to exploit from the same programmer is wwwboard. -----Original Message----- From: Lisa Bogar [SMTP:[EMAIL PROTECTED]] Sent: Wednesday, February 20, 2002 3:09 PM To: [EMAIL PROTECTED] Subject: Webserver relaying mail Someone on campus called me yesterday inquiring about how to stop relaying through sendmail. He thought he had configured his sendmail.cf to not allow relaying, but then got notified he was relaying mail. Today after some searching he found some information about FormMail.pl where it can be used to cause your webserver to relay mail. He found his information from www.8wire.com. Is anyone else familar with this and have you encountered it? The logs show attacks targeted at the cgi-bin that sent out tons of porno spam. Just trying to find out more information and I am surprised if it is indeed happening why I haven't seen anything on CERT or bugtraq. TIA Lisa ************************************** * Lisa L. Bogar * * Montana State University-Bozeman * * Information Technology Center * * Bozeman, MT 59717-3240 * * * * Phone: (406) 994-7887 * * FAX: (406) 994-4600 * * email: [EMAIL PROTECTED] * **************************************