Thx for the pointers on finding the insecure pormmail.pl An other problem: Forms sent on a webpage always have [EMAIL PROTECTED] (if www-data is the user in httpd.conf)as return path. How do I change this, or how can I set this to the "from"-field of the form? I tried on setting a different user on the virtual domains, but apache does not seem to accept this.
Thanks, Stefaan.
