[Modsecurity] Formmail

Who Knows quien-sabe at metaorg.com
Wed Apr 5 19:46:28 EDT 2006


Mike Cardwell wrote:

>* on the Wed, Apr 05, 2006 at 02:17:52PM -0400, Michael S. wrote:
>
>>You should be so fortunate that those rules exist! We don't allow formmail
>>on any of our 220 servers so those rules are a godsend. If you're into
>>spammers and having your server shut down for outbound spam, by all means
>>remove them. I could never understand in a million years why there are so
>>many server admins who are so blind to the issue that formmail creates, doesn't
>>matter how recent the version, it's always vuln! I guess there are some
>>server admins who don't know any better. A bit of education would be in
>>order.
>
>I am well aware of the issues surrounding formmail. I don't need
>"education" on the matter. If your servers allow exploited cgi/php
>scripts to send out large volumes of spam then there is something
>inherently wrong with your design. The hosting system I built allows
>formmail, yet has no spam problems. 
>
>I could understand rules that blocked calls to .*/formmail.(pl|cgi|php)
>that contained newline characters in the subject/from parameters for
>example, but outright blocking of any uri that matches .*/formmail.pl
>seems like overkill to me.
>
>Mike
My two cents worth ($0.02) is that overkill in this instance is the
correct thing to do for the rules. For rules such as this that prevent me
from doing something on my server(s) that I know is safe, I have a local
file of exclusions.

Regards,
Jim
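
The narrower check described in the quoted message (formmail requests with newline characters in the subject/from parameters), set beside the blanket URI match, as an added example that is not part of the original thread or of any ModSecurity rule set. The set of header-bound parameter names and the sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script names from the quoted pattern .*/formmail.(pl|cgi|php), with the dot escaped.
FORMMAIL_PATH = re.compile(r"/formmail\.(?:pl|cgi|php)$", re.IGNORECASE)
# Assumption: these parameters end up in mail headers; the thread names subject/from only.
HEADER_PARAMS = {"subject", "from"}

def _params(url, body=""):
    """Decode query-string and form-body parameters once, as the CGI would."""
    query = urlsplit(url).query
    return parse_qsl(query, keep_blank_values=True) + parse_qsl(body, keep_blank_values=True)

def blanket_rule(url, body=""):
    """Block every request whose path is a formmail script."""
    return bool(FORMMAIL_PATH.search(urlsplit(url).path))

def targeted_rule(url, body=""):
    """Block formmail requests only when a header-bound parameter holds CR or LF."""
    if not FORMMAIL_PATH.search(urlsplit(url).path):
        return False
    return any(
        name.lower() in HEADER_PARAMS and ("\r" in value or "\n" in value)
        for name, value in _params(url, body)
    )

# Constructed sample requests: (label, url, POST body)
SAMPLES = [
    ("plain contact form", "/cgi-bin/formmail.pl?subject=Hello&from=a%40example.org", ""),
    ("newline in subject", "/cgi-bin/formmail.pl?subject=Hi%0D%0AX-Constructed%3A+1", ""),
    ("newline in POST from", "/cgi-bin/formmail.cgi", "from=a%40example.org%0AX-Constructed%3A+1"),
    ("multi-line message body", "/cgi-bin/formmail.php", "subject=Hi&message=line1%0Aline2"),
    ("unrelated script", "/cgi-bin/search.pl?subject=x%0Ay", ""),
]

def compare():
    """Return {label: (blanket_blocks, targeted_blocks)} for every sample."""
    return {label: (blanket_rule(u, b), targeted_rule(u, b)) for label, u, b in SAMPLES}

if __name__ == "__main__":
    for label, (blanket, targeted) in compare().items():
        print(f"{label:26} blanket={blanket!s:5} targeted={targeted}")
```

The blanket match blocks the plain contact form and the multi-line message body along with the two newline cases, which is the kind of known-safe use a local exclusions file would have to carve out.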



