In article <Pine.LNX.4.33.0201031155440.25887-100000@???>,
Dave C. <djc@???> wrote:
>The only _right_ way to do security on anything that sends email from a
>web HTTP form POSTing, is to severely limit what addresses it can mail
>*TO*, for instance, by making and maintaining a list of authorized
>recipients. When a customer wants to add a form to their site, they have
>to have the desired recipient address added to your list.

Another thing is that the CGI script should add a proper Received:
line to the message before feeding it to exim/sendmail like this:

Received: from 195.64.66.217 via proxy.cistron.nl:3128
	by homepage.cistron.nl (mail-form2 CGI program) with HTTP pid 5799
	for miquels@???; Fri, 04 Jan 2002 01:06:50 +01:00 (CET)

Mike.
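
Both points from this thread, the recipient allowlist and the Received: line added by the CGI, as an added example that is not part of the original posts. The allowlist entries, the use of X-Forwarded-For for the proxied client address, and all function names are assumptions.

```python
import os
import re
import socket
from datetime import datetime, timezone
from email.utils import format_datetime

# Constructed allowlist; in practice the provider maintains it per customer.
ALLOWED_RECIPIENTS = {"webmaster@example.org", "sales@example.org"}
_ADDR_RE = re.compile(r"[0-9A-Fa-f:.]{2,45}")  # IPv4/IPv6 characters only


def check_recipient(addr):
    """Return the normalized recipient if it is on the allowlist, else raise."""
    if "\r" in addr or "\n" in addr:
        raise ValueError("line break in recipient")
    norm = addr.strip().lower()
    if norm not in ALLOWED_RECIPIENTS:
        raise ValueError("recipient not authorized")
    return norm


def _clean_addr(value):
    """Request data goes into a mail header, so accept address characters only."""
    value = value.strip()
    return value if _ADDR_RE.fullmatch(value) else None


def received_header(environ, recipient, host=None, pid=None, now=None):
    """Build a folded Received: line recording the HTTP origin of the message."""
    peer = _clean_addr(environ.get("REMOTE_ADDR", "")) or "unknown"
    # Assumption: a proxy in front of the CGI appends the client address to
    # X-Forwarded-For. The value is client-influenced, so the TCP peer is
    # always recorded as well.
    fwd = _clean_addr(environ.get("HTTP_X_FORWARDED_FOR", "").split(",")[-1])
    origin = f"{fwd} via {peer}" if fwd else peer
    host = host or socket.getfqdn()
    pid = os.getpid() if pid is None else pid
    now = now or datetime.now(timezone.utc)
    return (f"Received: from {origin}\n"
            f"\tby {host} (mail-form CGI program) with HTTP pid {pid}\n"
            f"\tfor {check_recipient(recipient)}; {format_datetime(now)}")


def build_message(environ, recipient, subject, body, **kw):
    """Return text ready for the MTA; raises before any mail is generated."""
    to = check_recipient(recipient)
    subject = " ".join(subject.split())  # collapse CR/LF and runs of whitespace
    return (f"{received_header(environ, to, **kw)}\n"
            f"To: {to}\nSubject: {subject}\n\n{body}\n")
```
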