Important FormMail.pl security information
Matt Wright's FormMail is a very common form processor that many of
our clients install rather than using the clone we provide. If you do
this, please observe the following VERY IMPORTANT security note.
Spammers search for exploitable FormMail installations and can then
forge headers to send spam from your domain through the FormMail script.
Unless you have properly secured the script, you are vulnerable.
To ensure that you are not hit, modify the @recipients parameter as
follows:
@recipients = &fill_recipients('domain.com','sub.domain.com','another.com');
...listing every domain that should be able to receive mail through
your FormMail script. Do this in addition to the @referers line, which
you modified to get the form working.
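The following Perl is an added example, not FormMail.pl's own code: it illustrates the kind of check a recipient allow-list performs, using a hypothetical recipient_allowed function and the placeholder domains from the configuration line above. The sample recipient values are constructed.

```perl
# Added illustration, not FormMail.pl source: enforcing a recipient
# allow-list built from the domains you would pass to fill_recipients().
use strict;
use warnings;

# Placeholder domains, same as in the configuration line above.
my @allowed_domains = ('domain.com', 'sub.domain.com', 'another.com');

# Return 1 only if every address in the form's recipient field is a single,
# well-formed address whose domain is exactly one of the allowed domains.
sub recipient_allowed {
    my ($field, @domains) = @_;
    return 0 unless defined $field && length $field;
    # CR/LF in the field is how extra mail headers get forged: reject outright.
    return 0 if $field =~ /[\r\n]/;
    my %ok = map { lc($_) => 1 } @domains;
    for my $addr (split /\s*,\s*/, $field) {
        # \A and \z anchor the whole address so nothing can trail the domain.
        my ($domain) = $addr =~ /\A[\w.\-]+\@([A-Za-z0-9.\-]+)\z/
            or return 0;
        return 0 unless $ok{ lc $domain };
    }
    return 1;
}

# Constructed inputs: [recipient field, expected verdict].
my @cases = (
    ['webmaster@domain.com',                          1],
    ['sales@sub.domain.com,info@another.com',         1],
    ['someone@elsewhere.example',                     0],  # domain not listed
    ['user@domain.com.elsewhere.example',             0],  # listed name is only a prefix
    ['user@notdomain.com',                            0],  # listed name is only a suffix
    ["webmaster\@domain.com\nX-Extra: 1",             0],  # extra header line
    ['webmaster@domain.com,someone@elsewhere.example', 0], # one unlisted entry in a list
);

for my $c (@cases) {
    my ($field, $expect) = @$c;
    my $got = recipient_allowed($field, @allowed_domains);
    (my $shown = $field) =~ s/\n/\\n/g;
    printf "%-6s %s\n", ($got ? 'ACCEPT' : 'REJECT'), $shown;
    die "unexpected verdict for '$shown'\n" unless $got == $expect;
}
```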
Detailed configuration instructions for the original FormMail.pl can be
found here:
http://www.scriptarchive.com/formmail.html
NOTE: For users of the FormMail clone we provide through cPanel, this
has already been taken care of for you.