Web Hosting Talk







Is someone trying to send spam?


dftchris
09-30-2003, 04:59 PM
I keep getting these emails:

This message was created automatically by mail delivery software.
A message that you sent has not yet been delivered to one or more of its recipients after more than 48 hours on the queue on discover.addaction.net.

The message identifier is: 1A3dYp-00049k-CZ
The subject of the message is: http://www.dontfalltwice.com/cgi-sys/formmail.pl (198.143.78.131:80) bcc: *******@aol.comBfEp 6 F JRl3 B 9T qbt1xn7dvuvzFOZg7gtXlDkkFmbhibrkqE24QdPF QF5sOqFG H3 H4vVqZ5 l94n yOO2t˙FFFFCCabcdefghijklmnop.
The date of the message is: Sun, 28 Sep 2003 11:34:11 -0400

The address to which the message has not yet been delivered is:

*******@www.dontfalltwice.com
Delay reason: remote host address is the local host

The **'s are someone's email address. I know formmail can be a problem with spam so I'm just wondering if that's what's going on here? I do have a forum running Invision but I haven't had this problem on other servers I've been on. Could it be an outdated version of formmail?

ANMMark
09-30-2003, 05:07 PM
If you did not send the mail, then yes....someone is spoofing your form, and using it for spam.

This happened to us before as well.

You would be better off finding a new form parser.

bear
09-30-2003, 05:56 PM
That looks like the Cpanel version of FormMail. You should disable this, or have your sysadmin do it.

<edit>
Followed the link and got this:
FormMail-Clone
This is FormMail-clone, a clone of FormMail.cgi. It is a clean room version for legal purposes (a less restrictive liscense), but should behave the exact same way as Matt Wright's Original, but contain none of his code.

Kill it.

Jim_UK
09-30-2003, 06:01 PM
/cgi-sys/ is an alias to cPanel's script dir which contains their version of formmail (and its variants). Months ago there were problems with spammers exploiting this and there have been numerous problems since so a lot of hosts disabled it or protected it.

Some obviously didn't though.

addaction
09-30-2003, 06:59 PM
Hi

Contact our support team at: support@addaction.net

The Cpanel FormMail has been disabled but likely you still have an old version in your account.

Anton

sprintserve
09-30-2003, 10:01 PM
That's not possible. You need to understand the control panels you are running a lot better. That URL is a script alias to a cpanel directory, and at no point is that a local copy stored just in that account.

bear
09-30-2003, 11:07 PM
Originally posted by sprintserve
That's not possible. You need to understand the control panels you are running a lot better. That URL is a script alias to a cpanel directory, and at no point is that a local copy stored just in that account. ^^^^^^^^^^^^^^^^^^^^
Yup, what he said. Maybe you disabled it, but a Cpanel update reinstated it?

Reptilian Feline
10-01-2003, 03:09 AM
Someone is TRYING to use formmail, but the version installed is safe. They can't use it. I guess it's an automated script that is trying to use it, so in the next couple of days you will receive similar e-mails from the same basic address. When it doesn't work, they will move on to the next target and try there.

bear
10-01-2003, 06:46 AM
Umm, it actually appears the bcc line is being used for the spam recipients, but the normal 'to' line is the one that bounced.
I could be wrong here....there isn't enough of the header showing.

dftchris
10-01-2003, 07:29 AM
My host fixed the problem. Thanks for all your help.
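
One way to triage a mailbox full of delay warnings like the one in the first post, added here as an example and not part of the thread: it pulls out each warning's fields and flags those whose subject names a FormMail script URL, noting whether a header-style `bcc:`/`cc:`/`to:` token follows it. The field labels are taken from the quoted warning; the sample messages, the function names and the script-name pattern are assumptions.

```python
import re

# Constructed sample in the layout of the warning quoted in the first post.
# Identifiers, hosts and addresses are placeholders, not values from the thread.
SAMPLE = """\
The message identifier is: 1AaaAa-0000aa-AA
The subject of the message is: http://www.example.com/cgi-sys/formmail.pl (192.0.2.10:80) bcc: a@example.net xYz
The date of the message is: Sun, 28 Sep 2003 11:34:11 -0400
Delay reason: remote host address is the local host

The message identifier is: 1BbbBb-0000bb-BB
The subject of the message is: Re: hosting invoice

The message identifier is: 1CccCc-0000cc-CC
The subject of the message is: http://www.example.com/cgi-sys/FormMail.cgi (192.0.2.10:80) bcc: b@example.net
Delay reason: remote host address is the local host
"""

KEYS = {"The message identifier is": "id", "The subject of the message is": "subject",
        "The date of the message is": "date", "Delay reason": "reason"}
# Assumption: the script is named formmail*.pl or formmail*.cgi, in any case.
PROBE = re.compile(r"(https?://\S*/formmail[\w-]*\.(?:pl|cgi))\s*"
                   r"(?:\((\d{1,3}(?:\.\d{1,3}){3}):(\d+)\))?", re.I)
HEADER = re.compile(r"\b(?:bcc|cc|to):", re.I)

def parse_warnings(text):
    """Split a dump of delay warnings into one dict per message."""
    records = []
    for line in text.splitlines():
        label, sep, value = line.strip().partition(": ")
        key = KEYS.get(label) if sep else None
        if key == "id":          # an identifier line starts a new record
            records.append({})
        if key and records:
            records[-1][key] = value.strip()
    return records

def find_probes(records):
    """Return the warnings whose subject names a FormMail script URL."""
    hits = []
    for rec in records:
        subject = rec.get("subject", "")
        m = PROBE.search(subject)
        if m:
            hits.append({"id": rec["id"], "script": m.group(1).lower(),
                         "addr": m.group(2), "port": m.group(3),
                         "header_in_subject": bool(HEADER.search(subject, m.end()))})
    return hits
```

Grouping the hits by `script` shows which handler is being requested, which is the script to disable or protect at the server level.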