The default installation of nms formmail by Virtualmin leaves the domain open to spammers. The installer does not add the following to referrers: the IP address of the virtual server and localhost. This allows FQDN spoofing, as the spammer only has to put the contained user@domain in the script, which is easily readable by looking at the source code of the webpage containing the calls to the formmail script. I have just spent the past week getting hammered by over 1.5k spoofed e-mails until I realized it was an attack against formmail, which I had not seen in a long time because by default I always added the domain FQDN, IP address of the server and localhost. This is the widely known way to prevent this issue. Virtualmin by default should include this information in @referrers when it is installed.
Security issue with installation of nms formmail by Virtualmin
Submitted by hescominsoon on Fri, 03/16/2007 - 20:10 Pro Licensee
Status:
Closed (fixed)
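An audit for the condition this report describes, as an added example that is not part of the original report and is not Virtualmin or nms code: it reads a FormMail script's referer allow-list and lists which of the three entries named in the report (domain FQDN, server IP, localhost) are missing. The function names and sample scripts are constructed for illustration; the regex accepts both `@referers` and the report's `@referrers` spelling, and the `qw(...)` or quoted-list assignment syntax is an assumption.

```python
import re

# Matches "@referers = qw(a b);" or "@referers = ('a', 'b');".
# Both spellings of the variable name are accepted (assumption, see lead-in).
ASSIGN = re.compile(r"^\s*@referr?ers\s*=\s*(?:qw)?\s*\((.*?)\)\s*;", re.S | re.M)


def parse_referers(perl_source):
    """Return the entries of the referer allow-list, or None if it is not set."""
    # Drop whole-line Perl comments so commented-out samples are ignored.
    code = "\n".join(
        line for line in perl_source.splitlines() if not line.lstrip().startswith("#")
    )
    match = ASSIGN.search(code)
    if match is None:
        return None
    return [e.lower() for e in re.split(r"[\s,'\"]+", match.group(1)) if e]


def missing_referers(perl_source, fqdn, server_ip):
    """List the entries the report says should be present but are not."""
    present = parse_referers(perl_source) or []
    wanted = [fqdn.lower(), server_ip, "localhost"]
    return [w for w in wanted if w not in present]


# Constructed sample: an install that lists only the domain name.
DEFAULT_INSTALL = """\
# @referers = qw(example.com 192.0.2.10 localhost);
@referers = qw(example.com);
@allow_mail_to = qw(user@example.com);
"""

# Constructed sample: the allow-list after adding the server IP and localhost.
HARDENED = """\
@referers = ('example.com', '192.0.2.10', 'localhost');
"""

if __name__ == "__main__":
    for name, src in (("default", DEFAULT_INSTALL), ("hardened", HARDENED)):
        gaps = missing_referers(src, "example.com", "192.0.2.10")
        print(name, "missing:", gaps or "nothing")
```

Run it over each virtual server's installed script with that server's own FQDN and IP address; an empty result means all three entries are present.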