At 06:30 PM 1.14.2003 +0000, Justin Mason wrote: > >Jack L. Stone said: >> Ed, your info about Formmail is not correct and is very stale. In fact >> there are more than 2 Million users and the security hole was patched. That >> doesn't mean that some have not kept up to date and don't know about the >> breach of security caused by using the older versions and those older ones >> are most likely the ones you are receiving. The newer versions of formmails >> cannot be sent from any other domain but the authorized host nor to any >> other recipients but the one designated by the authorized host. > >Jack -- > >last time I looked (Jan 2002) there was still a few sizeable holes in >FormMail big enough to drive a tank through -- I cowrote an advisory about >it. > >It looks safer with the current version (1.91), but I'd strongly recommend >people use NMS Formmail instead, it's definitely secure. > >--j. >
Yes, it was modified after your last look in Jan 02. Ver 1.92 was issued on 04.02. Also, looks like it was created a little over 7 years ago in 1995 - not 1987. ############################################################################## # FormMail Version 1.92 # # Copyright 1995-2002 Matt Wright [EMAIL PROTECTED] # # Created 06/09/95 Last Modified 04/21/02 # # Matt's Script Archive, Inc.: http://www.scriptarchive.com/ Sorry, this has drifted off-topic -- sorta, except the above version should not be a culprit as characterized earlier which was very old info. I believe the users are about 2.5 million. We are one of them on another host of ours. Best regards, Jack L. Stone, Administrator Sage American http://www.sage-american.com [EMAIL PROTECTED] ------------------------------------------------------- This SF.NET email is sponsored by: Take your first step towards giving your online business a competitive advantage. Test-drive a Thawte SSL certificate - our easy online guide will show you how. Click here to get started: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0027en _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk