Re: Email text encoding
On Wed, 11 Feb 2004 15:21:24 -0600 Camilo Gonzalez [EMAIL PROTECTED] wrote: Eek! I've been told by my ISP that my Perl script to email myself and the user of my form the contents on my contact form has been hijacked by a spammer. My ISP has been deluged by recipients with complaints. Where have I gone wrong? Please be kind, this is a beginners' list after all. I am not alltogether certain what you are doing, but I suggest you look at http://www.gunnar.cc/cgi-bin/contact.pl and then download the latest version of CGI::ContactForm It is a pure perl module so can be installed in your own directory. It probably meets all your concerns -- Owen -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] http://learn.perl.org/ http://learn.perl.org/first-response
Email text encoding
Hi, and thanks for all the previous suggestions regarding email modules. Now it turned out that my ISP refuses to let me install *any* additional Perl module on the server, so I have to use sendmail. This is mostly fine, since I only send short text messages, but it breaks down when it comes to 8-bit characters. The page the HTML form is included in is utf-8 encoded. But I set the form to accept iso-8859-1 form data like this: form action=cgi-bin/mail_form.pl method=post accept-charset=iso-8859-1 enctype=application/x-www-form-urlencoded Now my script pipes the processed data to sendmail like this: open MAIL, |$sendmail -oi -t or die Can't open pipe to $sendmail: $!\n; print MAIL EOF; To: $recipient From: $name $sender Subject: Website-Nachricht jan-eden.de Content-Type: text/plain; charset=ISO-8859-1 $message EOF From my own Mac (running OS X), the special characters come out fine (üäöß), when setting the charset for the email message like above, but from a standard PC (Windows 98), I get üöäüöäüöäà for a series of 8-bit characters. Is there anything I can do about this? How do I correctly encode 8-bit characters when I do not have access to a module? Thanks, Jan -- There are 10 kinds of people: those who understand binary, and those who don't -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] http://learn.perl.org/ http://learn.perl.org/first-response
RE: Email text encoding
Hi, Jan Eden [EMAIL PROTECTED] wrote: and thanks for all the previous suggestions regarding email modules. Now it turned out that my ISP refuses to let me install *any* additional Perl module on the server, so I have to use sendmail. Well, I'm sure he won't let you install a module in the global module search path. But if you can upload files to your CGI directory, you can use any pure Perl module, too. Just upload the module in the proper subdiretory structure on the server and then use a use lib statement in your code to point your CGI program to the proper search path. HTH, Thomas -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] http://learn.perl.org/ http://learn.perl.org/first-response
Re: Email text encoding
Hi, and thanks for all the previous suggestions regarding email modules. Now it turned out that my ISP refuses to let me install *any* additional Perl module on the server, so I have to use sendmail. Switch ISPs? Sorry this isn't the answer you want. Sorry I can't provide more help with respect to your encoding issues, but e-mail itself is incredibly complex and personally I would run for the hills (read: find a new ISP) before messing with it directly anymore, *especially* when doing the type of things you are talking about. Is there anything I can do about this? How do I correctly encode 8-bit characters when I do not have access to a module? Have you read: perldoc utf8 perldoc perlunicode http://danconia.org -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] http://learn.perl.org/ http://learn.perl.org/first-response
Re: Email text encoding
Eek! I've been told by my ISP that my Perl script to email myself and the user of my form the contents on my contact form has been hijacked by a spammer. My ISP has been deluged by recipients with complaints. Where have I gone wrong? Please be kind, this is a beginners' list after all. #!/usr/local/bin/perl -wT use CGI::Carp qw(fatalsToBrowser); use strict; use CGI; my $cgiobj = new CGI; $ENV{PATH} = ; #Get parameters my $name = $cgiobj-param('name'); my $address = $cgiobj-param('address'); my $email = $cgiobj-param('email'); my $comments = $cgiobj-param('comments'); #send emails to Camilo and sender my $from ='Opensourceman'; my $subject = 'Contact Confirmation from Opensourceman'; my $reply = '[EMAIL PROTECTED]'; my $sendmail = '/usr/lib/sendmail -i -t'; open (SENDMAIL, |$sendmail) or die Cannot open sendmail: $!; print SENDMAIL To: $email, $reply\n; print SENDMAIL From: $from\n; print SENDMAIL Reply-to: $reply\n; print SENDMAIL Subject: $subject; print SENDMAIL \n\n; print SENDMAIL Thanks for contacting Opensourceman. Below is what you submitted to us:\n Name: $name\n Address: $address\n Email: $email\n Comments: $comments \n\n We will be contacting you shortly; close(SENDMAIL); -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] http://learn.perl.org/ http://learn.perl.org/first-response
RE: Email text encoding
Camilo Gonzalez wrote: Eek! I've been told by my ISP that my Perl script to email myself and the user of my form the contents on my contact form has been hijacked by a spammer. My ISP has been deluged by recipients with complaints. Where have I gone wrong? Please be kind, this is a beginners' list after all. ... my $email = $cgiobj-param('email'); ... print SENDMAIL To: $email, $reply\n; Hint: $email could contain more than just an email address. Think about it... -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] http://learn.perl.org/ http://learn.perl.org/first-response
Re: Email text encoding
Basically, you're allowing a user to specificy an email address as a recipient. There's no reason for that person to get a copy of the message. Redirect to a thank you for message! It has been delivered page. I'm not sure but there might be a way to abuse your pipe to sendmail. I'd strip out any non word/digit/punctuation from comments as a safety. Also, tell your ISP to install a Mail::* module. I don't like giving a pipe to sendmail over CGI. Sendmail is riddled with horrid security problems, and giving a user the ability to send malicious data to sendmail client isn't something I'd recommend. You're re-inventing the wheel, and in this case, its dangerous, try: http://search.cpan.org/~markov/MailTools-1.60/ http://search.cpan.org/~mivkovic/Mail-Sendmail-0.79/ I'd recommend MailTools primarily as its in the Top 10 of the Phalanx 100. Mail::Sendmail is Tier 3. See: http://qa.perl.org/phalanx/distros.html These modules are heavily audited and trustworthy. Since you have your ISPs ear at the moment with the abuse complaints, this would be a perfect opportunity to go Install MailTools, its an important step to keeping this from happening again. On Wed, Feb 11, 2004 at 03:21:24PM -0600, Camilo Gonzalez wrote: Eek! I've been told by my ISP that my Perl script to email myself and the user of my form the contents on my contact form has been hijacked by a spammer. My ISP has been deluged by recipients with complaints. Where have I gone wrong? Please be kind, this is a beginners' list after all. #!/usr/local/bin/perl -wT use CGI::Carp qw(fatalsToBrowser); use strict; use CGI; my $cgiobj = new CGI; $ENV{PATH} = ; #Get parameters my $name = $cgiobj-param('name'); my $address = $cgiobj-param('address'); my $email = $cgiobj-param('email'); my $comments = $cgiobj-param('comments'); #send emails to Camilo and sender my $from ='Opensourceman'; my $subject = 'Contact Confirmation from Opensourceman'; my $reply = '[EMAIL PROTECTED]'; my $sendmail = '/usr/lib/sendmail -i -t'; open (SENDMAIL, |$sendmail) or die Cannot open sendmail: $!; print SENDMAIL To: $email, $reply\n; print SENDMAIL From: $from\n; print SENDMAIL Reply-to: $reply\n; print SENDMAIL Subject: $subject; print SENDMAIL \n\n; print SENDMAIL Thanks for contacting Opensourceman. Below is what you submitted to us:\n Name: $name\n Address: $address\n Email: $email\n Comments: $comments \n\n We will be contacting you shortly; close(SENDMAIL); -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] http://learn.perl.org/ http://learn.perl.org/first-response -- Brad Lhotsky [EMAIL PROTECTED] -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] http://learn.perl.org/ http://learn.perl.org/first-response
Re: Email text encoding
Forgot to CC the group: Including: $email = [EMAIL PROTECTED]: LONG LIST OF EMAILS\r\nSubject: PILLS\r\n\r\nEMAIL CONTENT\r\n\r\n.\r\n$ENDOFFILE; On Wed, Feb 11, 2004 at 04:28:12PM -0500, Bob Showalter wrote: Camilo Gonzalez wrote: Eek! I've been told by my ISP that my Perl script to email myself and the user of my form the contents on my contact form has been hijacked by a spammer. My ISP has been deluged by recipients with complaints. Where have I gone wrong? Please be kind, this is a beginners' list after all. ... my $email = $cgiobj-param('email'); ... print SENDMAIL To: $email, $reply\n; Hint: $email could contain more than just an email address. Think about it... -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] http://learn.perl.org/ http://learn.perl.org/first-response -- Brad Lhotsky [EMAIL PROTECTED] -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] http://learn.perl.org/ http://learn.perl.org/first-response
RE: Email text encoding
Hi Thomas, Thomas Bätzler wrote: Hi, Jan Eden [EMAIL PROTECTED] wrote: and thanks for all the previous suggestions regarding email modules. Now it turned out that my ISP refuses to let me install *any* additional Perl module on the server, so I have to use sendmail. Well, I'm sure he won't let you install a module in the global module search path. But if you can upload files to your CGI directory, you can use any pure Perl module, too. Just upload the module in the proper subdiretory structure on the server and then use a use lib statement in your code to point your CGI program to the proper search path. I thought about this, but until now I have always installed modules from CPAN using the Makefile.PL / make / make test / make install routine. I am not sure which files of a given module I have to copy to a server and at which point of the installation process all of these files are available. I will read perlmod and try to go this way. Thank you, Jan -- Hanlon's Razor: Never attribute to malice that which can be adequately explained by stupidity. -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] http://learn.perl.org/ http://learn.perl.org/first-response
Re: Email text encoding
Wiggins d Anconia wrote: Hi, and thanks for all the previous suggestions regarding email modules. Now it turned out that my ISP refuses to let me install *any* additional Perl module on the server, so I have to use sendmail. Switch ISPs? Sorry this isn't the answer you want. Sorry I can't provide more help with respect to your encoding issues, but e-mail itself is incredibly complex and personally I would run for the hills (read: find a new ISP) before messing with it directly anymore, *especially* when doing the type of things you are talking about. Apart from this issue, I am relatively happy with my ISP, so I tend to wait a little bit. Is there anything I can do about this? How do I correctly encode 8-bit characters when I do not have access to a module? Have you read: perldoc utf8 perldoc perlunicode I will now. Thank you, Ja -- Hanlon's Razor: Never attribute to malice that which can be adequately explained by stupidity. -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] http://learn.perl.org/ http://learn.perl.org/first-response