source: https://www.securityfocus.com/bid/7758/info

It has been reported that cPanel is prone to an issue where a remote attacker may bypass cPanel Formail-clone local domain checks and have untrusted e-mail delivered in the context of the vulnerable host.

This issue may be exploited by an attacker to use the vulnerable host as an open relay. 

<input type="hidden" name="recipient"
value="user1@offsitedomain.(localdomain)co
m, user2@offsitedomain.(localdomain)com">