The reason you're getting the warning is that you are attempting to match a pattern against a variable whose value is undef, because $_mail_from is not defined. The root cause is that param('mailfrom') is not defined, because the HTTP request which triggers the script doesn't have a mailfrom value specified.

Your workaround to get rid of the warning does not appear to do what you intended. Based on some quick tests, it looks like it causes your pattern to be matched against the result of defined ($_mail_from), which is a true/false value and will never match the pattern.

A better solution would be to add a line prior to that match which either returns an error if no from: address is provided ($show_error_message unless defined $_mail_from) or else to assign a default value if it doesn't have one ($_mail_from = 'nobody@nowhere.com' unless $_mail_from, or change line 7 to my $_mail_from = $q->param("mailfrom") || 'nobody@nowhere.com').