Re: [Nms-cgi-devel] patch for nms FormMail

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

----- Original Message -----
From: "Craig Sanders" <ca...@ta...>
To: <da...@us...>
Cc: <nms...@li...>
Sent: Wednesday, February 20, 2002 7:55 PM
Subject: [Nms-cgi-devel] patch for nms FormMail

> neat script.  fixes most of the problems with the original (it was a
> struggle to remain polite here).  i've been modifying the original for a
> few years now, so that my web servers don't get hijacked by spammers
> just because my customers want to use MW's broken scripts.
>
> anyway, i've modified the nms FormMail so that it has all the
> enhancements that i added to the original.
>
> feel free to use any or all of the following patch, license is GNU GPL.
>
> the attached patch:
>
> 1. reads in a list of allowed recipient domains from
>    /etc/formmail.recipients

A good idea, but Im not sure if implementing it is a good idea since it
changes behaivor from the original version

>
> 2. checks the MX records of the domain part of each recipient
>    address against an @valid_mx array
>

good idea

> 3. checks the NS records of the domain part of each recipient
>    address against an @valid_ns array

good idea

>
> 4. uses Email::Valid to verify that addresses are valid

Can't use CPAN modules (see the NMS faq for reasons why) :(
Our own email verification is pretty good anyways

>
> 5. use CGI::Carp to log each usage of the script, both successful and
>    failed.

We rolled our version of CGI::Carp fatalsToBrowser, so this shouldnt be that
hard to implement.  However, it does change behaivor from the original...

>
> 6. adds X-Script-URL and X-Referring-URL headers to the sent message
>    to make it easier to trace where any given formmail message was sent
>    from.  essential if you have hundreds of virtual hosts and hundreds
>    of html forms which use the script.
>

seems like another good idea

> 7. adds Sender:, Reply-To:, and Errors-To: headers to the mail so that
>    any bounces have a chance of actually being seen by the sender rather
>    than getting lost in the webserver's unread mailbox.
>

I think our version already has this.

> 8. gets rid of an annoying warning message in the error.log if
>    $Config{subject} is undefined

Should already be fixed.
.
>
>
>
> NOTE: features 1 to 3 eliminate the need for an ISP with multiple
> virtual hosting customers to edit the script every time s/he adds a new
> customer.  if you host the DNS or the mail for the domain, then the
> domain is a valid recipient.
>
>
>
> not included in the patch is some code that reads my vhost configuration
> and adds all domains found to the @referrers array.  it's not included
> because it's too specific to the way i configure virtual hosts.  it's
> trivial to do- just read in a file and add each line.
>
>
> craig
>
> --
> craig sanders <ca...@ta...>
>
> Fabricati Diem, PVNC.
>  -- motto of the Ankh-Morpork City Watch
>