E-Mail Problems - MAIL_MESSAGE



Hi All,

I have the below script hosted on a website which I run. The problem is
that someone seems to be using it to send SPAM out via the HTML form I use
for people to input their details. I have hardcoded the recipient into the
CGI script, so does anyone know how they can manage to use this script to
send out mail as SPAM and what I should change to stop it? It is causing us
real problems. I have removed the script until we can find a fix as we
are receiving hundreds of delivery failures to random addresses a day.

Any help at all would be appreciated.

Regards

Jamie

----------------------Code -------------------------------------------------------

#use lib "/home/username/local/lib/site_perl/5.6.0/i686-linux/";
#use lib "/home/username/local/lib/site_perl/5.6.0/";

use CGI -debug;
use CGI::Carp fatalsToBrowser;

$rgt = new CGI;

$recipient = "jamie\@jamieallison.co.uk";
$subject = $rgt->param("subject");
$redirect = $rgt->param("redirect");
$senderName = $rgt->param("senderName");
$sender = $rgt->param("sender");
$body = $rgt->param("body");
$sendmail = '/usr/lib/sendmail';

email($subject,$recipient,$sender ,$sender ,$body, $senderName);

print "Status: 302 Moved\nLocation: $redirect\n\n";

sub email ($$$$$$)
{
my ($subject, $to, $from, $etitle, $body, $senderName) = @_;

open (MAIL, "| $sendmail -i -t" );
print MAIL <<MAIL_MESSAGE;
Subject:$subject
To:$to
Reply-to:$from
From:$etitle

$senderName sent the below message:-

$body
MAIL_MESSAGE
close MAIL;
}
return 1;

--------------------------------end code----------------------------------------
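
The script above copies the form fields straight into the header block, and `sendmail -t` takes its recipients from those headers, so a field value containing a line break turns into extra header lines; `$redirect` reaches the HTTP response the same way. A hardened variant follows as an added example (not the poster's code). The From address, redirect path and length limits are assumed values.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI;

# Added example, not the poster's code. Assumed values: the From address,
# the redirect path and the length limits. Needs Perl 5.8+ (list-form pipe open).
my $RECIPIENT = 'jamie@jamieallison.co.uk';   # fixed recipient, as in the post
my $FORM_FROM = 'webform@example.invalid';    # placeholder address
my $REDIRECT  = '/thanks.html';               # hypothetical; fixed, not a form field
my $SENDMAIL  = '/usr/lib/sendmail';

# A header value must stay on one line: refuse CR, LF and other control bytes.
sub clean_header {
    my ($value, $max) = @_;
    return unless defined $value && length($value) <= $max;
    return if $value =~ /[\x00-\x1f\x7f]/;
    return $value;
}

# Accept one bare address only: no spaces, commas, quotes or angle brackets.
# \A and \z anchor the whole string, so a trailing newline cannot slip through.
sub clean_address {
    my ($value) = @_;
    $value = clean_header($value, 254);
    return unless defined $value;
    return $value =~ /\A[A-Za-z0-9._%+-]+\@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\z/
        ? $value : undef;
}

my $q       = CGI->new;
my $subject = clean_header(scalar $q->param('subject'), 150);
my $name    = clean_header(scalar $q->param('senderName'), 100);
my $sender  = clean_address(scalar $q->param('sender'));
my $body    = $q->param('body');
$body = '' unless defined $body;

unless (defined $subject && defined $name && defined $sender) {
    print $q->header(-status => '400 Bad Request', -type => 'text/plain');
    print "Invalid form input.\n";
    exit;
}

# No -t: the recipient is a command-line argument, so sendmail never reads
# To/Cc/Bcc from the message. The list form of open bypasses the shell.
open(my $mail, '|-', $SENDMAIL, '-i', $RECIPIENT) or die "cannot run sendmail: $!";
print {$mail} "From: $FORM_FROM\nTo: $RECIPIENT\nReply-To: $sender\n",
              "Subject: $subject\n\n$name sent the below message:-\n\n$body\n";
close($mail) or die "sendmail exited with status $?";
print $q->redirect($REDIRECT);
```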

