subject:"Re\: NMS \[formmail\]"

Re: NMS [formmail]

2001-09-17 Thread Chris Devers


On Mon, 17 Sep 2001, Dave Cross wrote:

> I've just released a first draft of FormMail. It's at 
> 
> 

Trying trying again yep: 404 not found.

"You followed a broken or out-of-date link"
 



-- 
Chris Devers [EMAIL PROTECTED]

Re: NMS [formmail]

2001-09-17 Thread Neil Ford


On Mon, Sep 17, 2001 at 11:06:02PM +0100, Dave Cross wrote:
> I've just released a first draft of FormMail. It's at 
> 
> 
> 
This appears to be 404ing :-(

Neil.

Re: NMS [formmail]

2001-09-17 Thread Matthew Byng-Maddick


On Mon, Sep 17, 2001 at 11:06:02PM +0100, Dave Cross wrote:
> I've just released a first draft of FormMail. It's at 
> 
> 
> 
> I would have put it in CVS on penderel, but it seems to be configured so
> that only Greg can use it :)
> 
> Incidently, perlfaq9 says that when using sendmail from a Perl script, you
> should use the flags "-oi -t -odq". I found that when I used -odq, the 

I would also recommend '-oem'.

'-t' may be a problem as it strictly doesn't allow you to force the envelope
from, which may be a sensible thing to allow (remember that the webuser may
well run as trusted user, and hence be allowed to set such things).

-odq is a "queue only" switch, according to my copy of the Bat Book. Thus
the mail will sit in the queue until a queue run happens. This will be
dependent on the -q in the invocation of /usr/{lib,sbin}/sendmail.

MBM

-- 
Matthew Byng-Maddick <[EMAIL PROTECTED]>   http://colondot.net/

Re: NMS [formmail]

2001-09-17 Thread Dave Cross


On Mon, Sep 17, 2001 at 06:09:21PM -0400, Chris Devers ([EMAIL PROTECTED]) 
wrote:
> On Mon, 17 Sep 2001, Dave Cross wrote:
> 
> > I've just released a first draft of FormMail. It's at 
> > 
> > 
> 
> Trying trying again yep: 404 not found.
> 
> "You followed a broken or out-of-date link"

Er, yeah. It's



Sorry,

Dave...

-- 

  Don't dream it... be it

  Drugs are just bad m'kay


  .sig missing...


  .sig missing...


  Drugs are just bad m'kay


  .sig missing...


  Don't dream it... be it

Re: NMS [formmail]

2001-09-18 Thread Sam Vilain

I hear that one problem with that script is the security problem that if
it is not altered, then it is possible to send mail from any address,
effectively allowing you to spam with it.

What I suggest for NMS scripts is that they have an internal configuration
function, whereby the script will refuse to run unless it is configured. 
In fact, if it is unconfigured, then present a configuration interface,
unless they can't find an appropriate place writable to store
configuration.  In that case, instructions are presented for logging into
their ftp account and making a world-writable directory for the script to
write to (perhaps this could be a URL to a NMS help system), or
instructions for manually customising the script to close security holes
etc.

Sound good?

Sam.

On Mon, 17 Sep 2001 23:06:02 +0100
Dave Cross <[EMAIL PROTECTED]> wrote:

> I've just released a first draft of FormMail. It's at 
> 
> 
> 
> I would have put it in CVS on penderel, but it seems to be configured so
> that only Greg can use it :)
> 
> Incidently, perlfaq9 says that when using sendmail from a Perl script,
you
> should use the flags "-oi -t -odq". I found that when I used -odq, the 
> mail wasn't delivered. Any ideas why that might be?
> 
> Dave...
> 
> -- 
> 
>   Don't dream it... be it
>

Re: NMS [formmail]

2001-09-18 Thread Dave Cross

From: Sam Vilain <[EMAIL PROTECTED]>
Date: 9/18/01 9:49:42 AM

> I hear that one problem with that script is the security 
> problem that if it is not altered, then it is possible to 
> send mail from any address, effectively allowing you to 
> spam with it.

In the latest version of FormMail (1.9, released August 2001[1])
there's a new security feature, an array called @recipients which
defines the valid set of recipients for the mail. This is meant
to prevent spam being sent using the script.

I've incorporated this fix in my version, so feel free to take
a look and see what you think.

> What I suggest for NMS scripts is that they have an 
> internal configuration function, whereby the script will 
> refuse to run unless it is configured. In fact, if it is 
> unconfigured, then present a configuration interface,
> unless they can't find an appropriate place writable to 
> store configuration.  In that case, instructions are 
> presented for logging into their ftp account and making a 
> world-writable directory for the script to write to 
> (perhaps this could be a URL to a NMS help system), or
> instructions for manually customising the script to close 
> security holes etc.
>
> Sound good?

Happy to consider things like this as long as they don't violate
the overriding rules of NMS.

1/ Drop in replacements for MSA. Nothing harder to use than in
the MSA versions.

2/ Runs using only features and modules available with the standard
distribution of Perl 5.004_04.

If you have a plan, please let me know.

Dave...

[1] He seems to be updating things a little more often recently.

-- 

Mention The Lord of the Rings just once more and I'll more than
likely kill you,
"Moorcock! Moorcock! Michael Moorcock!" you fervently moan.
   - Half Man Half Biscuit (Dickie Davies Eyes)

Re: NMS [formmail]

2001-09-18 Thread David Cantrell


On Tue, Sep 18, 2001 at 09:49:42AM +0100, Sam Vilain wrote:

> What I suggest for NMS scripts is that they have an internal configuration
> function, whereby the script will refuse to run unless it is configured. 
> In fact, if it is unconfigured, then present a configuration interface
> 
> Sound good?

The first two lines do.

-- 
David Cantrell | [EMAIL PROTECTED] | http://www.cantrell.org.uk/david

  We are all atheists about most of the gods that humanity
  has ever believed in. Some of us just go one god further.
-- Richard Dawkins

Re: NMS [formmail]

2001-09-18 Thread Newton, Philip


Matthew Byng-Maddick wrote:
> On Mon, Sep 17, 2001 at 11:06:02PM +0100, Dave Cross wrote:
> > 
> > Incidently, perlfaq9 says that when using sendmail from a 
> > Perl script, you should use the flags "-oi -t -odq". I found
> > that when I used -odq, the 

Well, I would have said "you can use the flags" rather than "you should use
the flags", but yes.

> I would also recommend '-oem'.

What's that do? Something about emailing the originator on any problems?

> -odq is a "queue only" switch, according to my copy of the 
> Bat Book. Thus the mail will sit in the queue until a queue
> run happens.

While MBM answered your question, Dave, I'd like to point out that you could
have found out yourself with a bit more RTFM'ing :)

: and -odq says to put the message into the queue. This last
: option means your message won't be immediately delivered, so
: leave it out if you want immediate delivery.

(From `perldoc -q "send mail"` on Perl v5.6.0, but I'm fairly certain that
passage was in the 5.005_03 docs as well.)

Cheers,
Philip
-- 
Philip Newton <[EMAIL PROTECTED]>
All opinions are my own, not my employer's.
If you're not part of the solution, you're part of the precipitate.

Re: NMS [formmail]

2001-09-18 Thread Matthew Byng-Maddick


On Tue, Sep 18, 2001 at 01:14:46PM +0200, Newton, Philip wrote:
> Matthew Byng-Maddick wrote:
> > On Mon, Sep 17, 2001 at 11:06:02PM +0100, Dave Cross wrote:
> > > Incidently, perlfaq9 says that when using sendmail from a 
> > > Perl script, you should use the flags "-oi -t -odq". I found
> > > that when I used -odq, the 
> Well, I would have said "you can use the flags" rather than "you should use
> the flags", but yes.
> > I would also recommend '-oem'.
> What's that do? Something about emailing the originator on any problems?

>From the exim docs: http://www.exim.org/exim-html-3.30/doc/html/spec_5.html
(this doesn't mean that sendmail doesn't have it, just that the bat book is
 at home, and I know my way around the exim docs. :-)
| -oee
| 
| If an error is detected while a non-SMTP message is being received (for
| example, a malformed address), the error is reported to the sender in a
| mail message. Provided the message is successfully sent, Exim exits with
| a return code of zero. If not, the return code is 2 if the error was that
| the message had no recipients, and 1 otherwise. This is the default -oex
| option if Exim is called as rmail.
| 
| -oem
| 
| This is the same as -oee, except that Exim always exits with a non-zero
| return code, whether or not the error message was successfully sent. This
| is the default -oex option, unless Exim is called as rmail.

So yeah, sort of, but with the error code reporting too that something wasn't
quite right. I never really care about what it does, ony that I know that it
does the right thing and that the error code works. :-)

> > -odq is a "queue only" switch, according to my copy of the 
> > Bat Book. Thus the mail will sit in the queue until a queue
> > run happens.
> While MBM answered your question, Dave, I'd like to point out that you could
> have found out yourself with a bit more RTFM'ing :)

Or indeed any other mailer reference. I'm sure the sendmail one says it
somewhere. The advantage of doing this, is, of course that under high load,
the queue can be vaguely optimised by MX.

[snip philip's manual]

MBM

-- 
Matthew Byng-Maddick <[EMAIL PROTECTED]>   http://colondot.net/

Re: NMS [formmail]

Re: NMS [formmail]

Re: NMS [formmail]

Re: NMS [formmail]

Re: NMS [formmail]

Re: NMS [formmail]

Re: NMS [formmail]

Re: NMS [formmail]

Re: NMS [formmail]

9 matches

Site Navigation

Mail list logo

Footer information