E-Mail Problems - MAIL_MESSAGE

Posted by Jamie Allison on March 29, 2006, 5:16 pm


Hi All,

I have the below script hosted on a website which I run. The problem is
that someone seems to be using it to send SPAM out via the HTML form I use
for people to input their details. I have hardcoded the recipient into the
CGI script so does anyone know how they can manage to use this script to
send out mail as SPAM and what I should change to stop it? It is causing us
real problems. I have removed the script until we can find a fix as we
are receiving hundreds of delivery failures to random addresses a day.

Any help at all would be appreciated.

Regards

Jamie

----------------------Code-------------------------------------------------------

#use lib "/home/username/local/lib/site_perl/5.6.0/i686-linux/";
#use lib "/home/username/local/lib/site_perl/5.6.0/";

use CGI -debug;
use CGI::Carp fatalsToBrowser;

$rgt = new CGI;

$recipient = "jamie\@jamieallison.co.uk";
$subject = $rgt->param("subject");
$redirect = $rgt->param("redirect");
$senderName = $rgt->param("senderName");
$sender = $rgt->param("sender");
$body = $rgt->param("body");
$sendmail = '/usr/lib/sendmail';

email($subject,$recipient,$sender ,$sender ,$body, $senderName);

print "Status: 302 Moved\nLocation: $redirect\n\n";

sub email ($$$$$$)
{
my ($subject, $to, $from, $etitle, $body, $senderName) = @_;

open (MAIL, "| $sendmail -i -t" );
print MAIL <<MAIL_MESSAGE;
Subject:$subject
To:$to
Reply-to:$from
From:$etitle

$senderName sent the below message:-

$body
MAIL_MESSAGE
close MAIL;
}
return 1;

--------------------------------end code----------------------------------------



Posted by A. Sinan Unur on March 29, 2006, 6:04 pm



> I have the below script hosted on a website which I run. The problem
> is that someone seems to be using it to send SPAM out via the HTML
> form I use for people to input their details. I have hardcoded the
> recipient into the CGI script so does anyone know how they can manage
> to use this script to send out mail as SPAM

Quite trivially, by embedding Cc: or Bcc: header in the sender CGI
parameter. And, no, they don't have to use the online form to submit to
your CGI script.

> and what I should change to stop it?

You have no checks on the input provided. Make sure that the sender
field contains only a single email address and nothing else.

> #use lib "/home/username/local/lib/site_perl/5.6.0/i686-linux/";
> #use lib "/home/username/local/lib/site_perl/5.6.0/";
>
> use CGI -debug;
> use CGI::Carp fatalsToBrowser;

use strict;
use warnings;

missing.

> $rgt = new CGI;

You probably want:

$CGI::POST_MAX = 16384;
$CGI::DISABLE_UPLOADS = 1;

as well.

> $recipient = "jamie\@jamieallison.co.uk";

my $recipient = 'jamie@jamieallison.co.uk';

> $subject = $rgt->param("subject");
> $redirect = $rgt->param("redirect");
> $senderName = $rgt->param("senderName");
> $sender = $rgt->param("sender");
> $body = $rgt->param("body");
> $sendmail = '/usr/lib/sendmail';
>
> email($subject,$recipient,$sender ,$sender ,$body, $senderName);
>
> print "Status: 302 Moved\nLocation: $redirect\n\n";
>
> sub email ($$$$$$)

Why the prototype?

> {
> my ($subject, $to, $from, $etitle, $body, $senderName) = @_;
>
> open (MAIL, "| $sendmail -i -t" );
> print MAIL <<MAIL_MESSAGE;
> Subject:$subject
> To:$to

$to is undefined

> Reply-to:$from
> From:$etitle

$etitle is undefined

Sinan
--
(remove .invalid and reverse each component for email address)

comp.lang.perl.misc guidelines on the WWW:
http://augustmail.com/~tadmc/clpmisc/clpmisc_guidelines.html


Posted by Gunnar Hjalmarsson on March 29, 2006, 6:09 pm


Jamie Allison wrote:
> I have the below script hosted on a website which I run. The problem is
> that someone seems to be using it to send SPAM out via the HTML form I use
> for people to input their details. I have hardcoded the recipient into the
> CGI script so does anyone know how they can manage to use this script to
> send out mail as SPAM

Consider, for instance, what happens if somebody submits from a form
that includes:

<textarea name="subject">Some subject
Cc: victim1@example.com, victim2@example.com</textarea>

> and what I should change to stop it?

Don't use the script. It's crap.

You may want to consider the CPAN module CGI::ContactForm instead:
http://www.gunnar.cc/contactform/readme.html

> It is causing us real problems. I have removed the script until we can find
> a fix as we are receiving hundreds of delivery failures to random addresses a day.

Unfortunately this might have caused your mail server to be blacklisted...

--
Gunnar Hjalmarsson
Email: http://www.gunnar.cc/cgi-bin/contact.pl
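
The checks both replies call for, as an added example (not code from the thread or from CGI::ContactForm): header fields are validated before the message is built, so the subject carrying a Cc: line shown above is refused. The helper names, the sample addresses and the deliberately strict address pattern are assumptions, and the message is only printed here, not piped to sendmail.

```perl
use strict;
use warnings;

# Hypothetical helper: a CR or LF in a header value starts a new header line,
# so such values are refused rather than "cleaned up".
sub clean_header {
    my ($value) = @_;
    return unless defined $value && length $value;
    return if $value =~ /[\r\n]/;
    return $value;
}

# Hypothetical helper: exactly one address and nothing else (stricter than
# RFC 5322). \A and \z are used because $ would still allow a trailing newline.
sub single_address {
    my ($value) = @_;
    return unless defined $value;
    return unless $value =~ /\A[A-Za-z0-9._%+-]+\@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+\z/;
    return $value;
}

# Build the message text, or return undef if a header field fails validation.
# senderName and body land after the blank line, so they cannot add headers.
sub build_message {
    my (%f) = @_;
    my $subject = clean_header($f{subject});
    my $sender  = single_address($f{sender});
    return unless defined $subject && defined $sender;
    return join "\n",
        "Subject: $subject",
        "To: $f{recipient}",
        "Reply-To: $sender",
        "From: $sender",
        "",
        ($f{senderName} // '') . " sent the below message:-",
        "",
        $f{body} // '',
        "";
}

# Constructed inputs: an ordinary submission, and the thread's Cc-in-subject case.
my %ok  = (recipient => 'owner@example.org', subject => 'Hello',
           sender => 'visitor@example.com', senderName => 'A Visitor', body => 'Hi there');
my %bad = (%ok, subject => "Some subject\nCc: victim1\@example.com, victim2\@example.com");

for my $case ([ordinary => \%ok], [injected => \%bad]) {
    my $msg = build_message(%{ $case->[1] });
    print "$case->[0]: ", (defined $msg ? "accepted\n$msg" : "rejected\n");
}
```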
