[WEB4LIB] Re: free form mailer

Raymond Wood raywood at magma.ca
Wed Aug 8 15:01:36 EDT 2001 

On 8 Aug 2001, at 11:23, McCoy, Thomas wrote:

You raise a number of issues here.  I will try to clarify each as best I 
can...

> FormMail requires that Sendmail be installed on the server.  

Not necessarily.  Sendmail (a so-called 'MTA' ['Mail Transport 
Agent']) is typically the default on UNIX systems, and FormMail is 
written with Sendmail in mind.  So the first question would be: are 
the servers in question running a Unix operating system?  If not, see 
last paragraph of my email below.  If yes, read on.  

If Sendmail is not installed on your Unix server, then typically there 
will be an alternative MTA.  The FormMail script can be easily 
modified to accomodate this (a fellow in our office just offered to do it; 
estimated time = 5 mintues :) if need be.  So you would need to 
clarify which MTA is being used on the server in question.

For further info, see the URL below (item 1, sub-section 2):
  http://www.worldwidemart.com/scripts/faq/formmail.shtml

> Our server does
> not have this Perl component...

Careful - sendmail is not a perl component.  The two are separate 
and distinct.  The former is an MTA; the latter is a scripting 
language.  So, for instance, you could easily have a situation where 
sendmail is not installed but perl is, or vice versa.

> I was told it was left off because hackers

I assume you mean 'crackers' here.  (Crackers are malicious, while 
hackers are not).

> can use it to gain access to the server.  Is this true?

The short answer is no.  

Security in general requires an ongoing effort - it is a constantly 
changing landscape.  Sendmail, like many many applications, has 
been 'exploited' in the past by system crackers to gain unauthorized 
access.  AFAIK, however, there have been no sendmail-based 
exploits for quite some time (i.e. a few years) and that's as good a 
record as anyone can expect.

So if you are running a Unix server, sendmail may not be installed 
but other MTA's may be available. The next step is to clarify this.

Another possibility is that the server in question is not running Unix 
(unfortunate, but it does sometimes occur  :)  Fortunately, the 
FormMail script has also been ported to less fortunate operating 
systems <grin> - see this URL for more info (see section entitled 
'Ports of FormMail to other Operating Systems'):  
  http://worldwidemart.com/scripts/formmail.shtml

Hope that helps,
Raymond

>> -----Original Message----- 
>>
>>
>> FormMail is a free perl script that does exactly this.  It will run on 
>> Linux or Windows and requires only that Perl is installed on the 
>> server.


--
"Freedom is no longer available for free."
  (recent 'newspeak' from ZeroKnowledge Systems)

More information about the Web4lib mailing list