  1. #1

    How to test formmail scripts for open relay?

    Does anyone know of a website or piece of software (like the test at ) to test formmail scripts to ensure they are secure?

    No, I don't want to spam anyone....I run 3 different scripts on two servers and want to make sure I don't get attacked.


  2. #2
    Open your in Notepad. If it says 1.6 or less, it's an open relay; if it says 1.9, it's OK.

  3. #3
    Thanks bbi - but I am not just using Matt's formmail - I use different formmail scripts for different purposes (some send autoreplies, some talk to majordomo, etc), and I do have the latest versions that check http headers, but I have heard there are some ways around that?

  4. #4
    Actually, 1.9 also has serious flaws and holes in it.

  5. #5
    Join Date
    Sep 2001
    Vienna, Austria
    This is an informative page.

    SpamPal (cool application so far!) uses this list to filter your mail for spam sent from open formmail relays.

  6. #6
    Write your own using PHP, for example. It's easy and fast (well, maybe not that customizable etc., but if you need it for your own web site - no problem).

    mail() for PHP, hint hint

  7. #7
    Join Date
    Sep 2001
    Vienna, Austria

  8. #8
    Join Date
    Jun 2001
    Reno, Nevada

    * FormMail

    If you have a server and run web hosting on it, and you have several clients that just will not get rid of those FormMail scripts because they are just too lazy to find a different way of handling forms, I have written a script that will chmod those scripts useless every day. Just cut and paste this into your cron.daily folder and chmod it 755.

    Now every time this script is run on your server it will change the permissions on all the formmails located in your /home folder.

    If your home folder is in a different location then just change the "sed" line to match the folder they are in.


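    # Collect the paths of all FormMail copies into a list file
    cd /tmp
    echo "#!/bin/sh" > formmail.tmp
    locate >> formmail.tmp
    locate formmail.cgi >> formmail.tmp

    mkdir /tmp/new

    # Turn every "/home/..." path into a "chmod 644 /home/..." command
    domains=`/bin/ls *mail.tmp`
    for domain in $domains ; do
    sed 's/^\/home/chmod 644 \/home/' $domain > new/$domain
    done
    mv /tmp/new/formmail.tmp /tmp/new/
    chmod 755 /tmp/new/
    # Run the generated chmod commands, then clean up
    sh /tmp/new/formmail.tmp
    rm -rf /tmp/new
    rm /tmp/formmail.tmp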


    This should give them a hint that every time they try to upload it and get it working again with an old version or a version that is not set up right, it will render it useless.

    Good Luck..
    Brian F
    Web Hosting Made Easy!
    American Internet Communications
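
A safer way to do what the cron job above does, as an added example rather than the poster's script: it runs chmod straight from find instead of writing client-controlled paths into a generated script under /tmp. The function name, the script name in the comment and FormMail.pl as a second filename are assumptions; -iname needs GNU, BSD or BusyBox find.

```shell
#!/bin/sh
# Added example, not the poster's script. The 644 mode and the formmail.cgi
# name come from the post; FormMail.pl as a second name is an assumption.

# disable_formmail ROOT
# Clear the execute bits on every FormMail copy under ROOT (default /home)
# and print the path of each file that was changed.
disable_formmail() {
    root=${1:-/home}
    # No temporary files: nothing with a fixed name is created in the
    # world-writable /tmp, so a local user cannot pre-create or swap it.
    # Paths are handed to chmod as plain arguments by -exec and are never
    # parsed by a shell, so names containing ';', spaces or quotes are inert.
    # -type f matches regular files only; a symlink named formmail.cgi that
    # points at some other file is not matched.
    # The -perm group limits the work (and the output) to copies that still
    # have an execute bit, which makes the daily log a list of re-uploads.
    find "$root" -type f \
        \( -iname 'formmail.cgi' -o -iname 'formmail.pl' \) \
        \( -perm -100 -o -perm -010 -o -perm -001 \) \
        -print -exec chmod 644 {} \;
}

# Cron entry point: act only when a root directory is given explicitly,
# e.g. "disable-formmail.sh /home" (hypothetical script name).
if [ "$#" -gt 0 ]; then
    disable_formmail "$1"
fi
```

Because find walks the live filesystem, this also avoids depending on how recently the locate database was rebuilt.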

  9. #9
    Join Date
    Jan 2002
    Scotland, UK
    We have banned, one site got exposed and 40,000 emails were sent through the system.

    We use a custom-made PHP script on our own site. As said above, it is very easy to create. Just make sure you hard code the "to" address into the PHP or it can be exploited much more easily.
    Chris Adams - CEO - Rochen Ltd. - chris (at) rochen (dot) com
