Re: CORRECTION to CODE: FormMail.pl can be used to send anonymous email

2001-03-13 Scott Buchanan
To reply to all of these messages... Patching FormMail to check the referrer is NOT ample security. It takes about 30 seconds to write a Perl script to POST to FormMail.pl with a faked HTTP_REFERRER field. Probably the only useful solution is to hack the script to use an array of valid email

Re: CORRECTION to CODE: FormMail.pl can be used to send anonymous email

2001-03-12 Scott Buchanan
Yeah, we actually had an incident of that long ago on our webservers, seems a few people know about it. The problem is two-fold - 1) The FormMail program uses a referrer array as the ONLY security check for calls to the program (which can be REALLY easily faked). 2) It allows the recipient