[Modsecurity] Formmail
Mike Cardwell
modsecurity at blubbernet.com
Wed Apr 5 15:36:20 EDT 2006
* on the Wed, Apr 05, 2006 at 02:17:52PM -0400, Michael S. wrote:
> You should be so fortunate that those rules exist! We don't allow formmail
> on any of our 220 servers so those rules are a godsend. If you're into
> spammers and having your server shut down for outbound spam, by all means
> remove them. I could never understand in a million years why there are so
> many server admins who are so blind to the issue that formmail creates, doesn't
> matter how recent the version, it's always vuln! I guess there are some
> server admins who don't know any better. A bit of education would be in
> order.

I am well aware of the issues surrounding formmail. I don't need
"education" on the matter. If your servers allow exploited cgi/php
scripts to send out large volumes of spam then there is something
inherently wrong with your design. The hosting system I built allows
formmail, yet has no spam problems.

I could understand rules that blocked calls to .*/formmail.(pl|cgi|php)
that contained newline characters in the subject/from parameters for
example, but outright blocking of any uri that matches .*/formmail.pl
seems like overkill to me.

Mike
--
Digital photo printing: http://www.fotoserve.com/
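
The narrower check described in the message above, as an added example (not part of the original post, and written in Python rather than ModSecurity rule syntax): block a formmail request only when its subject or from parameter contains a CR or LF after decoding. The function name, the case-insensitive matching and the sample requests are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script names from the pattern in the message; the dot is escaped so it
# matches literally. Case-insensitive matching is an assumption.
FORMMAIL_PATH = re.compile(r"/formmail\.(pl|cgi|php)(/|$)", re.IGNORECASE)
# Parameters the message names as the ones that matter for mail headers.
HEADER_PARAMS = {"subject", "from"}
CRLF = re.compile(r"[\r\n]")


def check_request(uri, body=""):
    """Return 'block' or 'allow' for one request.

    uri  -- request target, e.g. /cgi-bin/formmail.pl?subject=Hi
    body -- application/x-www-form-urlencoded POST body, if any
    """
    parts = urlsplit(uri)
    if not FORMMAIL_PATH.search(parts.path):
        return "allow"  # not a formmail script: outside this rule's scope
    # parse_qsl percent-decodes, so %0d and %0a are seen as real CR and LF.
    params = parse_qsl(parts.query, keep_blank_values=True)
    params += parse_qsl(body, keep_blank_values=True)
    for name, value in params:
        if name.lower() in HEADER_PARAMS and CRLF.search(value):
            return "block"
    return "allow"


# Constructed sample requests (uri, POST body); none come from real traffic.
SAMPLES = [
    ("/cgi-bin/formmail.pl?subject=Hello&from=a%40example.com", ""),
    ("/cgi-bin/formmail.pl?subject=Hi%0d%0aX-Injected%3A+1", ""),
    ("/cgi-bin/formmail.cgi", "from=a%40example.com%0aX-Injected%3A+1"),
    ("/cgi-bin/formmail.pl?message=line1%0aline2", ""),
    ("/index.php?subject=a%0ab", ""),
]


def run_samples():
    """Return the verdict for each constructed sample, in order."""
    return [check_request(uri, body) for uri, body in SAMPLES]


if __name__ == "__main__":
    for (uri, body), verdict in zip(SAMPLES, run_samples()):
        print(verdict, uri, body)
```

A value that is percent-encoded twice (for example %250a) decodes only once here, so whether it needs catching depends on how the script itself decodes its input.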