From memory, an upgrade to ver 1.92 or above does the trick. A client site was hit the same way and all we did was update to the later version.

Put a notice on the clients site explaining that any spamm received was not sent from the clients website. This may be enough to prevent complaints arrising.

I'm not sure you can stop the undeliverable e mails. Presumably they will eventually cease since you have upgraded your formmail.pl version. If you don't have too many references to formmail.pl in your pages, it might be wise to rename the file since these attacks seem to be fairly random probes looking for the specific file name rather than someone examining the source of your pages to determine the name of your form mailing program. For future reference you might consider other form mailing options such as jmail or the e mailing capabilities of some databases. Out of annoyance with the formmail.pl probes I placed the following formmail.pl script on my server.

#!/usr/bin/perl

$remoteip = $ENV{'REMOTE_ADDR'};

print "HTTP/1.0 200 OK\n";

# Print HTTP header and opening HTML tags. #
print "Content-type: text/html\n\n";
print "<html>\n <head>\n";

# Print out title of page #
print " <title>Unauthorized Access Attempted</title>\n" ;
print "<META HTTP-EQUIV=\"REFRESH\" CONTENT=\"10; URL=http://www.nipc.gov\">\n";
print " </head>\n";
print "<BODY BGCOLOR='#ffffff' TEXT='#000000' LINK='Navy' VLINK='Navy' ALINK='Navy'>\n";
print "<center>Thank you for your interest in this web site.<BR>";
print "You have attempted to illegally access a resource on this site.<BR>";
print "Your IP Address, <b>$remoteip</b>, has been recorded and will be referred to the appropriate authorities.<BR>";
print "Again, thank you for your interest.<BR>";
print "Click <A HREF='http://www.nipc.gov'>here</A> to go directly to the NIPC web site.</center>";
print "</body>\n";
print "</html>\n";

Securing the formmail script is the only practical thing you can do as this stops the real problem at the source.

mack's suggestion of an apology/explanation might help but I doubt it because most of the junkmail I get doesn't get read it just gets bounced and/or send to spamcop so having a nice page doesn't affect my decision to report or not...

The only real choice as far as undeliverables go is to try to wait it out - in my experience once the sending has stopped the bulk of the bounces should stop too, but you'll still get a handful for a few weeks afterwards as the systems which are trying to re-deliver finally give up.

If you are seeing lots of undeliverables your address might also have been used as a fake address by a spammer, similar to what happened to this person (I spotted this on /. a week or two ago so you might have already seen it);

[techdirt.com...]

-Tony

Thanks for the advice. I'll wait out the returned undeliverables and hope that it comes to an end soon.
Rose

simply change the filename of the script!