Menu
▾
▴
Re: [Nms-cgi-devel] patch for nms FormMail
|
From: Craig S. <ca...@ta...> - 2002-02-25 09:02:50
|
(i'm not subscribed to the nms-cgi-devel list. please cc me on any replies) On Thu, Feb 21, 2002 at 04:06:20AM -0800, Joseph Ryan wrote: > > the attached patch: > > > > 1. reads in a list of allowed recipient domains from > > /etc/formmail.recipients > > A good idea, but Im not sure if implementing it is a good idea since it > changes behaivor from the original version why not? the script already has an @referers array...my patch just adds extra elements to the array by reading a text file. this means you can let customer service staff add new referers without requiring them to have any perl programming skills. > > 4. uses Email::Valid to verify that addresses are valid > > Can't use CPAN modules (see the NMS faq for reasons why) :( i couldn't find anything in the faq about this. BTW, my patch for MX & NS record checks use the Net::DNS module from CPAN. so does the patch attached to this message. this new patch modifies the referer checking routine so that the hostname portion of the HTTP_REFERER variable is checked against a regexp made up from a list of IP addresses. if they match then the referer is accepted. e.g. "@ref_ip = qw(203.10.72. 202.137.);" results in a regexp string $ref_ip which looks like: "^(203\.10\.72\.|202\.137\.)" as with most of my changes to the NMS FormMail script, this is very useful on a web server with hundreds of IP based virtual hosts...saves having to update the script for each new virtual host added. > Our own email verification is pretty good anyways fair enough. i'm not sure if Email::Valid is needed...i had it in (my severely hacked version of) the old MW FormMail script but the NMS version already has email verification stuff. > > 5. use CGI::Carp to log each usage of the script, both successful and > > failed. > > We rolled our version of CGI::Carp fatalsToBrowser, so this shouldnt be that > hard to implement. However, it does change behaivor from the original... i like to print debugging messages to the apache error.log, and the warn() function from CGI::Carp is perfect for that. if there's another way to achieve that which fits in with better with NMS FormMail then i'd be happy to change it to suit. > > 7. adds Sender:, Reply-To:, and Errors-To: headers to the mail so that > > any bounces have a chance of actually being seen by the sender rather > > than getting lost in the webserver's unread mailbox. > > > > I think our version already has this. it wasn't in the version i downloaded last week. craig -- craig sanders <ca...@ta...> Fabricati Diem, PVNC. -- motto of the Ankh-Morpork City Watch |
