<?xml version="1.0" encoding="windows-1252"?>
<node id="499286" title="securing a remailer" created="2005-10-11 17:17:11" updated="2005-10-11 13:17:11">
<type id="115">
perlquestion</type>
<author id="9463">
geektron</author>
<data>
<field name="doctext">
One of our ancient remailer scripts has finally been compromised.  Someone discovered that it uses an ancient method to pass information to sendmail: a pipe directly to sendmail - the worst way to send email from a script.
&lt;p&gt;
I'm rewriting the thing with an extra eye for security and configurability (so that I can reuse it across our sites, if/when needed), and I want to make sure I've covered all the bases since the PHB keeps throwing "what if ...." scenarios at me.
&lt;p&gt;
I've already come up with the following to secure this thing:
&lt;ul&gt;
&lt;li&gt; using the -T switch (which isn't in the original) &lt;/li&gt;
&lt;li&gt; using [cpan://MIME::Lite] to create the message rather than just &lt;code&gt; print&lt;/code&gt;ing to sendmail&lt;/li&gt;
&lt;li&gt; using [cpan://Mail::Address] or something similar to validate the "To:" field in the messages.  I'll probably also make sure that only *one* value is in the "To:" field&lt;/li&gt;
&lt;li&gt; (not security related) using [cpan://Config::General] to allow for config file creation with an eye for deploying the remailer across sites.&lt;/li&gt;
&lt;/ul&gt;
I know that checking for &lt;code&gt; $ENV{HTTP_REFERER} &lt;/code&gt; isn't a great option, because that can be spoofed.  (The person(s) exploiting this hole in the existing remailer have already spoofed IPs to allow for more hits to the script.)
&lt;p&gt;
Does adding some form of key/session_id buy any security? I think not, because it would be just another thing that needs to be passed in the form, and enough brute-force attacks would crack that too ...
&lt;p&gt;
Any other suggestions for making this thing as locked down as possible?</field>
</data>
</node>
