This is old news...I got nailed with the Matt's FormMail.pl hack a couple of years ago...the solution is to use the NMS ("Not Matt's Scripts") drop-in replacement:
http://nms-cgi.sourceforge.net/

AFAIK, the NMS version is immune to these hacks, if implemented properly.

On Mon, 7 Feb 2005, Rakesh wrote:

> Hi all,
>
> Since this specific post involves the FormMail.pl, I thought you guys
> might be interested in this article and its suggestions
>
> http://www.linuxexposed.com/Articles/Hacking/The-FormMail-Hack-Explained.html
>
> regards
> Rakesh
>
> EB wrote:
>
> >Hi Kenneth:
> >
> >But did you change the /etc/rc.d/init.d/sendmail file to point
> >elsewhere? Because it's pointing to the /usr/sbin/sendmail now and
> >it's expecting it as a daemon.
> >
> >Karen
> >
> >
> >On Fri, 04 Feb 2005 15:18:10 -0600, Kenneth Andresen <[EMAIL PROTECTED]>
> >wrote:
> >
> >
> >>Hello Filip,
> >>
> >>Thank you for your script! I have been looking up several alternative
> >>paths now, and yours seems to be the better way to go.
> >>
> >>I had not noticed before that /usr/sbin/sendmail in fact only was a
> >>symlink. I have been testing your script, and it is necessary for me to
> >>modify it.
> >>
> >>This is what I did:
> >>I stored your script on my own local machine, added execute permissions,
> >>and made the symlink /usr/sbin/sendmail point to that file.
> >>
> >>I edited the script with the sendmail variable to point to
> >>/etc/alternatives/mta (which points to the true sendmail executable on
> >>all my redhat based systems)
> >>
> >>Then I tried to execute the following from command line:
> >>
> >>echo -e "test\ntest" | mail -s "test" "[EMAIL PROTECTED]"
> >>
> >>that gave the result "2.6/5.0"...
> >>
> >>The mail was sent, without any modification, but that's likely because I
> >>did it on the command line.
> >>
> >>Anyway, the script has been of great help, and I will likely have a
> >>filter in place some time next week.
> >>
> >>Best regards,
> >>Kenneth
> >>
> >>
> >>On Mon, 2005-01-31 at 17:43, Andrzej Adam Filip wrote:
> >>
> >>
> >>>Kenneth Andresen wrote:
> >>>
> >>>
> >>>>How is it possible to make such a sendmail wrapper script? Any links to
> >>>>examples?
> >>>>
> >>>>
> >>>No but you can modify the script below to fit your needs:
> >>>
> >>>#!/bin/sh
> >>># temporary directory
> >>>TMPDIR=/tmp
> >>># temporary working file name - unix time and process ID
> >>>TMPFILE=`/bin/date +%s`.$$
> >>># temporary working file full path
> >>>TMPPATH="$TMPDIR/$TMPFILE"
> >>># "true" sendmail path
> >>>SENDMAIL=/usr/sbin/sendmail
> >>># directory to keep "classified as spam" messages
> >>>QUARANTINEDIR=/var/spool/quarantine
> >>>
> >>># remove temporary file in case of problems
> >>>trap "rm -f $TMPPATH" 0 1 2 3 15
> >>>
> >>># copy input to temporary file
> >>>cat - > $TMPPATH
> >>># use spamc to check if it is a spam
> >>>spamc -c < $TMPPATH
> >>>
> >>>if [ "$?" = "0" ] ; then
> >>>    # No spam or spamc error
> >>>    $SENDMAIL "$@" < $TMPPATH
> >>>    EXITCODE=$?
> >>>    rm $TMPPATH
> >>>    exit $EXITCODE
> >>>else
> >>>    # classified as spam
> >>>    mv $TMPPATH $QUARANTINEDIR/$TMPFILE
> >>>    echo "$@" > $QUARANTINEDIR/$TMPFILE.options
> >>>fi
> >>>
> >>>
> >>>
> >>
> >>
> >
>
> --
>
> regards,
> Rakesh B. Pal,
> Project Leader,
> Emergic CleanMail Team.
> Netcore Solutions Pvt. Ltd.
>
> ==================================================
> I came, I saw, I conquered
> ==================================================
>
>

James Smallacombe                      PlantageNet, Inc. CEO and Janitor
[EMAIL PROTECTED]                                            http://3.am
=========================================================================
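
A hardened take on the sendmail wrapper quoted in the thread, given here as an added example and not code from any of the posters. It swaps the date-plus-PID file in /tmp for `mktemp`, quotes every expansion, discards the score line that `spamc -c` prints (the "2.6/5.0" seen above), and treats any spamc status other than 0 or 1 as a temporary failure. The function name `filter_message`, the overridable `REAL_SENDMAIL` and `SPAMC` variables, and the choice of exit code 75 (EX_TEMPFAIL) are assumptions of this example.

```shell
#!/bin/sh
# Added example: hardened sendmail wrapper (not the script from the thread).
# Assumed, overridable settings; default paths are the ones named in the thread.
REAL_SENDMAIL=${REAL_SENDMAIL:-/etc/alternatives/mta}
SPAMC=${SPAMC:-spamc}
QUARANTINEDIR=${QUARANTINEDIR:-/var/spool/quarantine}

filter_message() {
    # mktemp creates an unpredictable 0600 file, unlike a date+PID name in /tmp
    tmp=$(mktemp "${TMPDIR:-/tmp}/sendmail-wrap.XXXXXX") || return 75
    # copy the message from stdin
    cat > "$tmp" || { rm -f "$tmp"; return 75; }

    # spamc -c: exit 0 = not spam, 1 = spam; the score line is discarded
    rc=0
    "$SPAMC" -c < "$tmp" > /dev/null || rc=$?

    case "$rc" in
    0)  # not spam: hand over with the caller's original arguments
        "$REAL_SENDMAIL" "$@" < "$tmp" || rc=$?
        ;;
    1)  # spam: keep the message and the options it was submitted with
        name=$(basename "$tmp")
        if mv "$tmp" "$QUARANTINEDIR/$name" &&
           printf '%s\n' "$*" > "$QUARANTINEDIR/$name.options"; then
            rc=0
        else
            rc=75
        fi
        ;;
    *)  # spamc missing or failed: temporary failure (EX_TEMPFAIL)
        rc=75
        ;;
    esac
    rm -f "$tmp"
    return "$rc"
}

# Run only when installed under the name "sendmail", e.g. via the symlink
case "${0##*/}" in
sendmail) filter_message "$@"; exit $? ;;
esac
```

The quarantine directory should be writable only by the accounts that submit mail through the wrapper, since it holds full message bodies and recipient options.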