CGI

ID #83

My formmail.pl script from Matt's Script Archive doesn't work.

Applies to: Grid System

As of February 20, 2002 the formmail.pl at Matt's Script Archive has several vulnerabilities that allow it to be exploited by spammers. Also, many of the scripts at Matt's Script Archive are buggy and insecure.

Therefore, you should use replacement scripts from http://nms-cgi.sourceforge.net/ instead. The easiest script to use is the "compat" version. To use the script from NMS, just get the file from the NMS website, upload it to your /htdocs/www/cgi-bin/ directory, then get a shell prompt and type:

tar -xvzf htdocs/www/cgi-bin/[filename that you downloaded.tar.gz]

all on one line and then hit the ENTER key.

In the configuration section of the formmail.pl script you will need to set the correct path to to sendmail on our system, which is:

/usr/bin/sendmail



You will also need to fix the sendmail command parameters by deleting the '-oi' options from the command string.

Then, you will need to edit the configuration section of this script to put in your own values for @referers and @allow_mail_to and such, which are around line 48 of the script.

Finally, when installing this script on your site, it needs to be world executable in order to run. To make it world executable, issue these 2 commands from a shell prompt after you have uploaded formmail.pl into the /htdocs/www/cgi-bin directory:

cd

chmod 705 htdocs/www/cgi-bin/formmail.pl


If you don't know how to use a unix shell, your ftp software may have a graphical way for you to make the last permission bit "executable" but not "writeable" by "other".

For other problems with this form mail script, please make sure that you have set all the necessary variables in the script as described in the EXAMPLE and REDAME files that are contained in the script documentation. Also make sure that you have set all the necessary html form fields in the web page that POSTs to this script.


Last update: 2010-09-29 16:40
Author: FAQ Admin
Revision: 1.2

Digg it! Share on Facebook Print this record Send FAQ to a friend Show this as PDF file
Please rate this FAQ:

Average rating: 5 (1 Vote)

completely useless 1 2 3 4 5 most valuable

You can comment this FAQ

Comment of Anonymous:
Depending on what version of the formmail script you're using, you may have to change:

$mailprog = '/usr/bin/sendmail';

to

$mailprog = '/usr/bin/sendmail -t';

in order to get it to work.
Added at: 2002-12-20 14:32

Comment of Anonymous:
If you get script errors, make sure your path to sendmail is

/usr/bin/sendmail -t

and NOT what comes default with the script, and that you have put a valid email address in the "recipient" form field of your HTML form and also specified that exact same email address (with the @ symbol escaped with a backslash like this: \@) in the "@recipients" configuration section of the script OR have put your domain name in the @allow_mail_to configuration section of the script.
Added at: 2003-12-30 19:51

Comment of Anonymous:
If you get an error about "closing sendmail pipe", then take out the postmaster setting from the USER CONFIGURATION SECTION of the script by putting a POUND sign "#" at the beginning of the line like this:

$mailprog = '/usr/bin/sendmail -t';
# $postmaster = '';
@referers = qw(yourdomain.com);


That is around line 45 of the script. You can either put a # sign in front to comment out the line, or you can just delete that 1 line

Added at: 2004-03-03 15:49