Topic: Formmail

[Paul Andersen]

I am very new to the SME server 5.6 so please forgive my question ... in a commercially hosted web site I use Matt's FormMail script for web form to email and it works very well.

I have noticed on my server that the appears to be Formmail installed in /usr/bin/formail.

Does this mean that the (or a form to email) script is already installed and all I have to do is "point" my html form coding to this path (script) for it to work?

If not ... what is this for and how does it work?

Thanks in advance.

[Dave Liquorice]

I hope that you are aware that spammers trawl the web looking for formmail scripts to expolit. If the destination e-mail address is not hard coded into the script they can use your system to send spam...  My site gets many requests/month for variations on the capitalisation/spelling/extension of  "formmail".

Note: hard coded into the script not the form, if it's in the form they can change it. You can code around that restriction if you want a list of selected address's to send to.

As for /usr/bin/formail check the spelling.  B-)

Cheers
Dave.

[Jon Blakely]

Paul,

formail is a mail (re)formatter.

From man formail

 formail is a filter that can be used to  force  mail  into
 mailbox  format,  perform From ' escaping, generate auto-
 replying headers, do simple header  munging/extracting  or
 split  up  a mailbox/digest/articles file.  The mail/mail­
 box/article contents will be expected on stdin.

Jon

[Paul Andersen]

Thanks Jon for the explanation ... I will do a search on this site to see what is being used for form to email and how it is set up.

[Brad D.]

Paul,

When I was new to HTML programming, I had used Matt’s Formmail script, and it worked just fine. But now that you have an SME server, I would recommend using a PHP script for this.  This way you will know exactly how it works.  I have also read in several places at php.net that it is preferable to use PHP as an Apache module rather than a CGI -- which the SME has.

If you would like, I could post a simple ‘bradformmail.php’ script here for you. All you would have to do is point your html form to it.

[Paul Andersen]

Brad

Thank you for your offer and I would appreciate receiving your bradformmail.php script.

Cheers

[Brad D.]

Paul,

No problem...  If you have any questions, let me know. I am just glad to help.


---------------------------------------------------------------------------------------


             

   

   


-------------------------------------------------------------------------------------------------------





-----------------------------------------------------------------------------------
 $send_to_email = 'brad@bdwebtech.com';
 $subject    = "Internet Email Message...";
 $message = "Email message... \n\n";
 foreach ($HTTP_POST_VARS as $key => $value ) {
   $message .= "$key : $value  \n";
}
mail ($send_to_email, $subject, $message) or die ("Error!");
?>
Message Sent!
--------------------------------------------------------------------------------------------------------



If you need to sort by $keys, just use the ksort(); function.  I have also made these scripts as simple as I could, for readablility. Let me know if you need something more. Don't forget to check out php.net.  

Any comments from the e-smith community would be  appreciated.

[Marcello]

I'm no webdesign guru, but why not straight in html?

   Your name

   


   Your e-mail

   


   Subject

   


   Message

   


   

[Marcello]

Hmm, all the html-code got removed from the message but not from the forum: http://forums.contribs.org/index.php?topic=8821.msg33180#msg33180

[Brad D.]

Marcello,

Your 'mailto:bar@foo.net' worked under my version Internet Explorer 6.0 for XP.  I'm not too sure, but I think this mailto: url is browser specific, so it may not work on all browsers.

My spare Linux box is being used for SME right now; otherwise I would test it out.

Also note that when using the mailto, it is not a secure method and if the end user does not have a proper SMTP server setup, the webmaster will not get the intended email message. The PHP formmail script can be made secure by using SSL and keeping the email on the same server. It does not rely on people with SMTP, such as those with a Yahoo or Hotmail account.

Emails can be encryped. More notes on encryption at php.net.

These are just some things to keep in mind when deciding what system to use.

[Marcello]

Brad,

The html code works on the latest versions of IE, Netscape, Opera and Mozilla, so that should be no problem. Your other remarks, however, are quite valid. I guess it all depends on what the ojective is of your mail form.

M.

[Greg Zartman]

> question ... in a commercially hosted web site I use Matt's
> FormMail script for web form to email and it works very well.

As pointed out by others, older versions of Matt's FormMail script are not secure.  There are tools out there that spammers can use to scan the net for people with these older versions.  At one time, I was running one of these older versions and found out the hard way how easy formmail.pl can turn SME into a mail relay.

I've since re-written Matt's formmail.pl script and plugged the security holes.  If anyone is interested in the script, please email me and I'll send it to you.

FYI:  I did send the revisions to Matt and didn't recieve a response.  Seems he's gone on to bigger and better things.


Greg Zartman