`formmail.fcgi` should conceal the `access` value

When the form that delivers to formmail.fcgi is scraped, its setting for access may be used with the mailbox and a domain guesstimated from the website to form a recipient. It is better to conceal the access value from the HTTP user.

It would be more useful to generate fresh values (only valid until tomorrow, and generated at the end of a day) in a crontab script, and store it in the file system. The file would be available to formmail.fcgi but not stored in the HTML page that triggers it.

There are more variants, including an access value that is specific for the sender, but that requires a specific generator, such as makemail.fcgi. This is more complex, but it also avoids any abuse of identity-shifted email submission.