I know it's possible to block by IP, but that's closing the barn door after all the animals have escaped. Rather pointless in my mind.
Any suggestions on how to stop this sort of thing before it starts?
1) Rename the file to something different: sendmail.cgi, sendit.pl, info.pl etc..
2) If all mail is coming to you, hardcode the address into the script.
3) If all mail is coming to you, write the code to ignore requests to other mail addresses
4) Send an extra parameter, call it something unusual such as CodeToAuthenticate with a value of something completely weird: say, "E45TFG357928743fkR". Hard code in the program to ignore any requests that do not have the above code and value as a parameter.
5) Add a section in to either - send a copy of all mail to yourself (not good if someone uses it for spamming) - or set a limit to how often this script can be called.
6) If you really want to sort these kinds of problems out you can get a script to write all the emails to your server. You can manually check these and filter out any spamming messages by deleting emails with particular words in them, or by sent time etc... You will require good programming skills to do this and customers/users will not get instant messages but will not get spammed either.
You will never stop everyone from using the script, but you will stop most.
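The checks in steps 2 through 5 above, written out as a small form-to-mail handler. This is an added example, not formmail.pl or any code from the thread; it is in Python rather than Perl, and it assumes the request parameters have already been parsed into a dict and that the client IP is known. The recipient address, the From address and the rate-limit numbers are constructed values; the parameter name and secret value are the ones from step 4. It also collapses line breaks in header fields, which goes slightly beyond the thread: that is what stops a form field from smuggling an extra recipient header into the outgoing mail.

```python
"""Hardened form-to-mail handler (added example, not formmail.pl).

Assumptions (constructed for this example): request parameters arrive as a
dict, the client IP is known, and outgoing mail is handed to a caller-supplied
send() so nothing is actually sent while testing.
"""
import hmac
import time
from collections import deque
from email.message import EmailMessage

FIXED_RECIPIENT = "webmaster@example.org"   # step 2: hardcoded destination (constructed)
FIXED_SENDER = "webform@example.org"        # constructed; fixed envelope sender
AUTH_PARAM = "CodeToAuthenticate"           # step 4: unusual parameter name from the post
AUTH_VALUE = "E45TFG357928743fkR"           # step 4: expected value from the post
MAX_PER_WINDOW = 5                          # step 5: calls allowed per client per window (constructed)
WINDOW_SECONDS = 600                        # step 5: window length (constructed)

_recent_calls = {}   # client ip -> deque of timestamps of accepted calls


def within_rate_limit(client_ip, now=None):
    """Sliding-window limit: True if this call is allowed, False if the client is over quota."""
    now = time.time() if now is None else now
    calls = _recent_calls.setdefault(client_ip, deque())
    while calls and now - calls[0] > WINDOW_SECONDS:
        calls.popleft()                      # forget calls that fell out of the window
    if len(calls) >= MAX_PER_WINDOW:
        return False
    calls.append(now)
    return True


def clean_header(value):
    """Collapse CR/LF so a form field cannot inject extra mail headers (e.g. Bcc)."""
    return " ".join(str(value).splitlines()).strip()


def build_message(params, client_ip, now=None):
    """Apply the thread's checks; return (ok, reason, EmailMessage or None)."""
    # step 4: reject any request lacking the secret parameter; constant-time compare
    if not hmac.compare_digest(params.get(AUTH_PARAM, ""), AUTH_VALUE):
        return False, "missing or wrong authentication code", None
    # step 3: a request naming some other recipient is abuse, so refuse it outright
    requested = params.get("recipient")
    if requested is not None and requested != FIXED_RECIPIENT:
        return False, "recipient parameter not honoured", None
    # step 5: throttle per client
    if not within_rate_limit(client_ip, now):
        return False, "rate limit exceeded", None
    msg = EmailMessage()
    msg["To"] = FIXED_RECIPIENT              # step 2: never taken from the request
    msg["From"] = FIXED_SENDER
    reply_to = clean_header(params.get("email", ""))
    if reply_to:
        msg["Reply-To"] = reply_to
    msg["Subject"] = clean_header(params.get("subject", "Web form submission"))
    msg.set_content(str(params.get("message", "")))
    return True, "ok", msg


def handle(params, client_ip, send, now=None):
    """Glue for a CGI wrapper: send() receives the message only if every check passed."""
    ok, reason, msg = build_message(params, client_ip, now)
    if ok:
        send(msg)
    return ok, reason
```

One caveat on step 4: the secret sits in the HTML form, so anyone who views the page source can read it. It defeats scanners that hit the stock script blindly, not someone who targets your site on purpose, which is why the fixed recipient and the rate limit are the checks that actually bound the damage.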
Point well-taken about slamming the barn door after the horses have already left...
From the title of this thread, I presume that formmail.pl does not exist on your server. Therefore, there are only three possible advantages to blocking these accesses:
You can eliminate the 404 entries by returning a 403-Forbidden response (although some servers will then log the 403 responses).
You can reduce bandwidth consumed, but only if your 403 response is shorter than your 404 response.
Some user-agents may see the 403 and not come back, but many are not that smart.
That said, here's what I have used on Apache with mod_rewrite in .htaccess:
# mod_rewrite does nothing in .htaccess until it is switched on
RewriteEngine On
#
# Block MS IIS server security exploits, disallow shared-file-editing attempts
RewriteRule \.ida$ - [F]
RewriteRule /cmd\.exe$ - [F]
RewriteRule /root\.exe$ - [F]
RewriteRule /shell\.exe$ - [F]
RewriteRule \_vti\_ - [F]
RewriteRule ^NULL - [NC,F]
#
# Block various probes
RewriteRule ^a\.asp/ - [F]
RewriteRule \.\./ - [F]
RewriteRule formm?ail - [F]
RewriteRule sumthin - [F]
HTH,
Jim
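Since the original poster prefers to keep seeing these hits in the log rather than block them, here is the same set of patterns applied to an access log to count probes per source address. This is an added example, not code from the thread; it is in Python and uses the regexes from the .htaccess above, keeping each rule's case sensitivity (only ^NULL has [NC]). It assumes the .htaccess sits in the document root, where mod_rewrite strips the leading slash and the query string before matching, and the log lines are constructed in Apache combined format with documentation IP ranges.

```python
"""Count mod_rewrite probe matches per source IP from an Apache access log.

Added example; the patterns are the ones from the .htaccess in the post above.
Assumes the .htaccess is in the document root (per-directory context), so the
rules see the request path without its leading slash and without the query.
"""
import re
from collections import Counter, defaultdict

# (category, pattern, flags) in the order of the posted rules; only ^NULL had [NC]
RULES = [
    ("iis-exploit", r"\.ida$", 0),
    ("iis-exploit", r"/cmd\.exe$", 0),
    ("iis-exploit", r"/root\.exe$", 0),
    ("iis-exploit", r"/shell\.exe$", 0),
    ("iis-exploit", r"_vti_", 0),
    ("iis-exploit", r"^NULL", re.IGNORECASE),
    ("probe", r"^a\.asp/", 0),
    ("probe", r"\.\./", 0),
    ("probe", r"formm?ail", 0),
    ("probe", r"sumthin", 0),
]
COMPILED = [(cat, pat, re.compile(pat, flags)) for cat, pat, flags in RULES]

# Apache combined log format: ip ident user [time] "method path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample log (not real traffic); 203.0.113.x etc. are documentation ranges
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2004:12:00:01 +0000] "GET /cgi-bin/formmail.pl HTTP/1.1" 404 211 "-" "Mozilla/4.0"
203.0.113.7 - - [10/Mar/2004:12:00:02 +0000] "POST /cgi-bin/FormMail.pl HTTP/1.1" 404 211 "-" "Mozilla/4.0"
203.0.113.7 - - [10/Mar/2004:12:00:03 +0000] "GET /cgi-bin/formail.pl HTTP/1.1" 404 211 "-" "Mozilla/4.0"
198.51.100.23 - - [10/Mar/2004:12:05:10 +0000] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 211 "-" "-"
198.51.100.23 - - [10/Mar/2004:12:05:11 +0000] "GET /default.ida?XXXX HTTP/1.0" 404 211 "-" "-"
192.0.2.44 - - [10/Mar/2004:12:10:00 +0000] "GET /index.html HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Mar/2004:12:10:01 +0000] "GET /contact.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""


def rewrite_path(request_target):
    """What a docroot .htaccess RewriteRule sees: no query string, no leading slash."""
    return request_target.split("?", 1)[0].lstrip("/")


def matching_rules(request_target):
    """Return the patterns (in rule order) that would have fired for this request."""
    path = rewrite_path(request_target)
    return [pat for _cat, pat, rx in COMPILED if rx.search(path)]


def summarize(log_text):
    """Map each source IP that tripped a rule to a Counter of the patterns it hit."""
    by_ip = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                       # skip lines that are not in combined format
        for pat in matching_rules(m.group("path")):
            by_ip[m.group("ip")][pat] += 1
    return dict(by_ip)


if __name__ == "__main__":
    for ip, hits in summarize(SAMPLE_LOG).items():
        print(ip, dict(hits))
```

Running it over the sample shows one thing worth knowing before relying on these rules: the request for FormMail.pl (capital F and M) matches nothing, because the formm?ail rule has no [NC] flag and mod_rewrite patterns are case-sensitive by default. Scanners do vary the case, so if you do decide to block, adding [NC] to that rule closes the gap; if you only want to watch, a case-insensitive search in the log script will show you the full count.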
I figured I could rename the individual file(s) without any major problems, as long as I made sure any files referencing it were also checked and the names appropriately changed. Just looking for confirmation, I guess. Can I also rename any folders without perl getting confused if I'm not using any of the cgi "standard" names (i.e. cgi-bin, bin, etc.)? Seems logical, but programs can be either really flexible or really strict about things sometimes.
Since I'm self-taught in what little I know about cgi scripts (e.g., modifications to make output pages match the rest of the site), what would I be looking for or need to change to make sure all emails go only to a specified address and all others are ignored? I may have to make changes in several different programs, both on Linux/Unix machines as well as MSII versions.
Mostly, I just want to try to prevent folks from sending out spam from client and/or personal websites. Since one site is for a non-profit private school, it really wouldn't look good if they appeared to be sending out any kind of spam!
Like I said, I don't have the skills to do anything truly fancy, so any specific programming suggestions would really be helpful.
jdMorgan -
You guess correctly re: no formmail on the site with the errors. And none in the works either. I don't want to block the error messages. It tells me what the little buggers are up to and how much trouble they're trying to cause. It also gives me an idea of what to look for and protect from on other sites!
As for the htaccess coding - Thanks! Unfortunately, I don't understand what the coding does. I'm only vaguely familiar with htaccess, though I'm learning more about blocking access to files, redirects, etc. Would you mind breaking down what this code does?
It basically returns a 403-Forbidden response for all requests which match the given patterns.
This thread, An Introduction to Redirecting URLs on an Apache Server [webmasterworld.com], may be a useful starting point for you.
Jim