A place where the Joyent community can gather, help each other out, and stay informed.
You are not logged in.
Disclaimer : This is not meant to be an exhaustive how-to of FormMail programs or even of NMS FormMail which is what I'll be referring to. These are tips for installing NMS FormMail on TextDrive. As of this writing the current version is : 3.12c1
If you would like to set-up a contact page using a mail form (here's mine as an example), I use and recommend NMS FormMail to power it. It is fairly simple to configure and to the best of my knowledge very secure (this is not true of all form mail scripts so if you decide to use something else, please consult Jason in advance of installing).
You will still need to actually create the actual contact page and then link the configured script to it. This script is what generates the email that is sent to you when the person using it hits the 'send' button.
Before configuring the script
Tip 1 : Read the README file that comes with script. It will help you configure the script and discuss the settings I won't.
Configuring the script
There are actually very few user configurable settings in this script. This is good :)
Tip 2 : The $mailprog setting needs to be changed from its default to : '/usr/sbin/sendmail -oi -t'
Tip 3 : It is more secure to limit the number of recipients and hard code where the email will go. I will assume that no one reading this for tips is a corporate entity in need of more than one recipient. Please note these four lines in the configuration section of the script :
$max_recipients = 5;
$postmaster = ' ';
@referers = qw(dave.org.uk 209.207.222.64 localhost);
@allow_mail_to = qw(you@your.domain some.one.else@your.domain localhost);
Now an example of what they should look like after modification (using my settings) :
$max_recipients = 1;
$postmaster = 'nospam@dkimbrough.com';
@referers = qw(dkimbrough.com 67.18.181.69 localhost);
@allow_mail_to = qw(nospam@dkimbrough.com localhost);
Please note that I created a separate email address for just this form. I recommend this and then never use that address to respond to anything. That way it's always secure and the only thing that will ever show up in that box is notes from your admirers :)
Tip 4 : After making sure your script is working don't forget to change the $DEBUGGING setting from 1 to 0
Before uploading the script
Tip 5 : Rename the script. The default is FormMail.pl. Use you initials or almost anything else. An example (using my initials) : dk.pl It could be almost anything. Don't forget to note this so you create a valid link in your contact page.
Uploading the script
Tip 6 : The FormMail script must reside in your cgi-bin. On TextDrive servers cgi-bin does not reside in your public_html, but one level up. This is not a problem. Place the script in the cgi-bin as instructed and make the URL on your contact form point to it the same as if cgi-bin did reside in public_html (your.domain.com/cgi-bin/mail script here). The system is mapped to deal with this.
Last edited by Damelon (2004-06-04 04:16:10)
Offline
NMS FormMail is a securer version of Matt Wright's ubiquitous script. But I use and prefer the NMS script TFMail, which puts the configuration and template files (and, therefore, the target email address) outside public_html.
Checking the NMS site tonight, I also see there are a couple of alternate FormMail packages available there.
Offline
Oh, I guess so... Didn't see that the first time, I was in such a hurry to show off what little bit of knowledge I had about NMS.
Still, TFMail's templates allow you to arrange your output very nicely. One client, using it for event submissions, receives a paragraph that needs very little editing.
Offline
I was asked on the Textpattern forum how to setup NMS to allow for multiple recipients. My apologies for posting this here, but I have three reasons (good, I think) for doing it here. First, it keeps it together, secondly it will allow Jason or others to weigh in about if such a modification is still secure which is of direct interest to TXD users, and thirdly as this is the forum for a Hosting service I expect more individuals might have applicable information here.
Modify @allow_mail_to from the values I offered above to :
@allow_mail_to = ();
Add some recipients to the %recipient_alias section :
%recipient_alias = ( 'goofy' => 'goofy@dkimbrough.com', 'micky' => 'micky@dkimbrough.com', 'donny' => 'donny@dkimbrough.com', );
Then in your web form you need to add recipient to the hidden required field :
<input type="hidden" name="required" value="name,email,recipient" />
And a drop-down option list :
<select name="recipient" size="1">
Last edited by Damelon (2004-07-23 05:39:52)
Offline
If you would like a good php mail script, take a look at this one - it's already configured to be able to have multiple recipients that users can choose from:
I have set it up for someone else on their site, and it works just fine.
Offline
dhdesign wrote:
If you would like a good php mail script, take a look at this one - it's already configured to be able to have multiple recipients that users can choose from:
No, I'm not particularly in need of a script beyond what I'm already using but perhaps the person that asked about modifying this one will be able to use this info when they wander over. Thanks for the suggestion.
Offline
mod_security does have a nice thing it does with FormMail in it's examples:
Apparently could do something like
<Location /cgi-bin/NMSMail> SecFilterSelective "ARG_recipient_alias" "!@dkimbrough.com$" </Location>To further re-enforce allowed addresses (even if a script doesn't).
Offline
How might I test this script locally on a mac?
Offline
eyevee99 wrote:
I've been trying to get this to work. I always get an Internet Server Error. The permissions are set to 755.
Any ideas?
Try 700 instead of 755.
Offline
That didn't help. I can't even get a simple Hello world to work. Where is perl? the knowledgebase says /usr/local/bin/perl, however whereis while logged in says /usr/bin/perl. I've tried both.
Not even this will work:
print "Hello world\\n";
It runs on the command line, but not as a web script.
Last edited by eyevee99 (2005-12-08 11:59:37)
Offline
Ok, the hello world now works. I'm sending "Content-type: text/html\\n\\n" before the print command. No more 500 there.
However, NMS Formmail is still throwing a 500.
I've ensure there are no ^Ms in the file
I've ensure the #! perl path is correct
I've tried permissions of 700 and 755.
Still no dice.
:(
Interestingly, trying on another server gave the following error:
CGI Error
The specified CGI application misbehaved by not returning a complete set of HTTP headers. The headers it did return are:Too late for "-T" option at path/to/script/mymail.pl line 1.
I fixed this. It's a windows issue. However, textdrive version still 500s. :)
Last edited by eyevee99 (2005-12-08 13:50:51)
Offline
I'm having problems getting this to work too, I'm getting 500s no matter what configuration.
This is the form the script gets called with:
<form method="post" action="http:/myadress.com/cgi-bin/fm.pl">
<input type="hidden" name="subject" value="contact form inquiry" />
<input type="hidden" name="required" value="name,comments" />
<input type="text" name="realname" /> Your name:<br />
<input type="text" name="email" /> Email:<br />
<input type="text" name="feedback" /> Message:<br />
<input type="submit" />
</form>
And this is (part) of the script itself:
$DEBUGGING = 1; $emulate_matts_code= 0; $secure = 1; $allow_empty_ref = 1; $max_recipients = 1; $mailprog = '/usr/sbin/sendmail -oi -t' $postmaster = 'nospam@myadress.com'; @referers = qw(myadress.com 207.7.108.125 localhost); @allow_mail_to = qw(nospam@myadress.com localhost); @recipients = (); %recipient_alias = (); @valid_ENV = qw(REMOTE_HOST REMOTE_ADDR REMOTE_USER HTTP_USER_AGENT); $locale = ''; $charset = 'iso-8859-1'; $date_fmt = '%A, %B %d, %Y at %H:%M:%S'; $style = ''; $no_content = 0; $double_spacing = 1; $wrap_text = 1; $wrap_style = 1; $address_style = 0; $send_confirmation_mail = 0;
Chmodding it to 700 doesn't help either btw.
Guess I'm missing the obvious here (as always) but any help would be highly appreciated..
Thanks,
Phil
Offline
The only difference that I can see between yours and my working version is that in the form I don't have the full address to the script, just: action="/cgi-bin/script.pl"
I also checked and the permsisions on the script are 755
If that doesn't help you may want to put in a ticket and let them check your cgi directory, sometimes the setups don't get setup correctly.
Offline
Phil,
I've got mine setup just like your's (with a full path to the script) and permissions set to 755 and it works fine ... like Moon said
Offline
Thanks for the insight!
Moon, if I enter the path your way I get a 404, very strange..
After doing some googling I loaded up a simple script and requested it via http:myadress.com/cgi-bin/test.pl, but I am getting a 500 again:
#!/tools/ns/bin/perl5
print "Content-type: text/html\n\n";
print " ";
print "TESTING PERL";
Does one have to do anything else (like enable any special options in webmin) to make scripts work?
I don't know zilch about servers and coding so forgive me if this sounds naive at best..
I'll submit a ticket this evening if nobody finds a fix to this until then.
Thanks again,
Phil
Offline
phil_samhaber wrote:
I'll submit a ticket this evening if nobody finds a fix to this until then.
Why wait?
Just put the ticket in at a low-medium prioity and they'll take care of you. That's what they do!
It looks like something may be out of whack on your setup.
Offline
Ticket submitted :)
I'll post the outcome once things are sorted out..
Cheers,
Phil
Offline
Has anyone figured out why this script is throwing a 500 error?
I've tried all the advice I could dig up in the forums and still nothing.
Offline
Sorry for the "delay" (FOUR months?!) maybe this will help some people:
Florian answered my ticket the same day and the problem was
- DOS line endings
- Syntax error on line 46 (missing semicolon)
He fixed that and since then the script has been working perfectly.
I'm calling the script with:
<form method="post" action="/cgi-bin/XXXXXX.pl"> <input type="hidden" name="subject" value="phs contact form inquiry" /> <input type="hidden" name="redirect" value="http://philsamhaber.com/confirm.html" /> <label for="realname">Your name:</label> <input id="realname" type="text" name="realname" /><br /> <label for="email">Email:</label> <input id="email" type="text" name="email" /><br /> <label for="message">Your Message</label> <textarea id="message" name="feedback" rows="10" cols="5"></textarea><br /> <input id="submitbutton" type="submit" value="Send"/>
</form>
And the pearl itself is:
BEGIN
{ $DEBUGGING = 1; $emulate_matts_code= 0; $secure = 1; $allow_empty_ref = 1; $max_recipients = 1; $mailprog = '/usr/sbin/sendmail -oi -t'; $postmaster = 'xxxx@philsamhaber.com'; @referers = qw(philsamhaber.com 207.7.108.125 localhost); @allow_mail_to = qw(xxxx@philsamhaber.com localhost); @recipients = (); %recipient_alias = (); @valid_ENV = qw(REMOTE_HOST REMOTE_ADDR REMOTE_USER HTTP_USER_AGENT); $locale = ''; $charset = 'iso-8859-1'; $date_fmt = '%A, %B %d, %Y at %H:%M:%S'; $style = '/phs.css'; $no_content = 0; $double_spacing = 1; $wrap_text = 1; $wrap_style = 1; $address_style = 0; $send_confirmation_mail = 0; $confirmation_text = <<'END_OF_CONFIRMATION';
From: you@your.com
Subject: form submissionThank you for your form submission.
END_OF_CONFIRMATION
The script is set to chmod 700, the confirm and contact html are both 644.
Keep in mind the DOS endings!
Cheers
Offline
Intersting. Just received two emails sent via the contact page which looks like an attemt to send spam. Slimstat says he is from Vietnam.
Does this prove the script is secure? (-:
and the other one
From: hy960 philsamhaber.com <nobody@bidwell.textdrive.com>
Subject: hy960@philsamhaber.com
Date: 22 June 2006 15:45:17 GMT+02:00
To: xxxx@philsamhaber.com
Below is the result of your feedback form. It was submitted by
hy960@philsamhaber.com (not
to: CLEMANDc00kie@aol.com
Content-Type: multipart/alternative;
boundary=9eb9fd5766c014a2cfc7e09fc9b32b2f
Subject: on there, now, an if his
--9eb9fd5766c014a2cfc7e09fc9b32b2f
Content-Transfer-Encoding: 7bit
Content-Type: text/plain
my scholar, little onas cried ilhelm. he boy was better dressed than at his
last appearance quickly he pulled his little cap off and stood still a
young girl in a wretched garb held him by the hand. ood day, my clever lad
said
--9eb9fd5766c014a2cfc7e09fc9b32b2f
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain
my scholar, little onas cried ilhelm. he boy was better dressed than at his=
last appearance quickly he pulled his little cap off and stood still a you=
ng girl in a wretched garb held him by the hand. ood day, my clever lad said
-9eb9fd5766c014a2cfc7e09fc9b32b2f-) on Thursday, June 22, 2006 at 15:45:17
---------------------------------------------------------------------------
feedback: hy960@philsamhaber.com
---------------------------------------------------------------------------
and the second one
From: nobody@bidwell.textdrive.com
Subject: extended Content-Transfer-Encoding: base64 to: CLEMANDCookLe@aol.com Content-Type: text/plain ince: 40ea6ee95469a320c045a2e3fb1a9cad Subject: expressed bW1lZGlhdGVseSBvbiBsZWF2aW5nIHRoZSBjaXR5LCB0aGUgcm9hZCBiZWdhbiB0byBhc2NlbmQg d2UgY291bGQgbm90IH
Date: 22 June 2006 15:45:34 GMT+02:00
To: xxxx@philsamhaber.com
Below is the result of your feedback form. It was submitted by
() on Thursday, June 22, 2006 at 15:45:34
---------------------------------------------------------------------------
---------------------------------------------------------------------------
Offline
Thanks Damelon!
I too was having problems with my old Formmail script now that I moved over to the Accelerators. Using the new script downloaded from the NMS formmail site, changing the parms and security as you mentioned above - all is well.
Tanks for taking the time to document this.
Bill.
Offline