[cobalt-users] Formmail spamming??

["Brian M. Rahill" <brian@xxxxxxxxxxxxxxxxxxxxxxx>]

Hi All,

I have a client who has the latest version of formmail running (1.9)

Recently my logs filled up with stuff like this:

May 30 08:53:51 admin sendmail[1253]: g4UCrhd01251: 
to=<alf428@xxxxxxxxxxx>www.pica.ws, ctladdr=jfalk (450/100), 
delay=00:00:08, xdelay=00:00:04, mailer=esmtp, pri=871938, 
relay=mailin-02.mx.aol.com. [64.12.137.89], dsn=5.1.1, stat=User unknown
May 30 08:53:51 admin sendmail[1253]: g4UCrhd01251: 
to=<alf429@xxxxxxxxxxx>www.pica.ws, ctladdr=jfalk (450/100), 
delay=00:00:08, xdelay=00:00:04, mailer=esmtp, pri=871938, 
relay=mailin-02.mx.aol.com. [64.12.137.89], dsn=5.1.1, stat=User unknown
May 30 08:53:51 admin sendmail[1253]: g4UCrhd01251: 
to=<alf42@xxxxxxxxxxx>www.pica.ws, ctladdr=jfalk (450/100), delay=00:00:08, 
xdelay=00:00:04, mailer=esmtp, pri=871938, relay=mailin-02.mx.aol.com. 
[64.12.137.89], dsn=5.1.1, stat=User unknown
May 30 08:53:54 admin sendmail[1253]: g4UCrhd01251: 
to=<formmailtesting@xxxxxxxx> www.pica.ws, ctladdr=jfalk (450/100), 
delay=00:00:11, xdelay=00:00:03, mailer=esmtp, pri=871938, 
relay=tom.inbox.lv. [193.108.185.19], dsn=5.2.1, stat=User unknown

This appears to me to be someone using formmail to send spam (especially 
that last message to formmailtesting@xxxxxxxx -- looks like the spammer 
verifying that the formmail script works).
Yes/No?
How are they getting away with this?  I've got the @referers set to include 
only the client's domain and @recipients = @referers.

Needless to say I've rm'd the script until further notice.

TIA.

Brian

Brian M. Rahill
President
RainStorm, Inc.
http://www.rainstormconsulting.com
"Designing Strategies for Internet Success."
brian@xxxxxxxxxxxxxxxx
Phone: 207-866-3908
Fax: 207-866-0297