C
Craig
I keep getting the error "Error: Bad/No Recipient" when submitting a form
using formmail.pl
Here is the part of the formmail.pl that you are supposed to alter to suit
your needs using fake url and ip addresses:
#!/usr/bin/perl
############################################################################
##
# FormMail Version 1.92
#
# Copyright 1995-2002 Matt Wright (e-mail address removed)
#
# Created 06/09/95 Last Modified 04/21/02
#
# Matt's Script Archive, Inc.: http://www.scriptarchive.com/
#
############################################################################
##
# COPYRIGHT NOTICE
#
# Copyright 1995-2002 Matthew M. Wright All Rights Reserved.
#
#
#
# FormMail may be used and modified free of charge by anyone so long as this
#
# copyright notice and the comments above remain intact. By using this
#
# code you agree to indemnify Matthew M. Wright from any liability that
#
# might arise from its use.
#
#
#
# Selling the code for this program without prior written consent is
#
# expressly forbidden. In other words, please ask first before you try and
#
# make money off of my program.
#
#
#
# Obtain permission before redistributing this software over the Internet or
#
# in any other medium. In all cases copyright and header must remain intact.
#
############################################################################
##
# ACCESS CONTROL FIX: Peter D. Thompson Yezek
#
# http://www.securityfocus.com/archive/1/62033
#
############################################################################
##
# Define Variables
#
# Detailed Information Found In README File.
#
# $mailprog defines the location of your sendmail program on your unix
#
# system. The flags -i and -t should be passed to sendmail in order to
#
# have it ignore single dots on a line and to read message for recipients
#
$mailprog = '/usr/lib/sendmail -i -t';
# @referers allows forms to be located only on servers which are defined
#
# in this field. This security fix from the last version which allowed
#
# anyone on any server to use your FormMail script on their web site.
#
@referers = ('www.test.com','555.555.555.555);
# @recipients defines the e-mail addresses or domain names that e-mail can
#
# be sent to. This must be filled in correctly to prevent SPAM and allow
#
# valid addresses to receive e-mail. Read the documentation to find out how
#
# this variable works!!! It is EXTREMELY IMPORTANT.
#
@recipients = &fill_recipients(@referers);
# ACCESS CONTROL FIX: Peter D. Thompson Yezek
#
# @valid_ENV allows the sysadmin to define what environment variables can
#
# be reported via the env_report directive. This was implemented to fix
#
# the problem reported at http://www.securityfocus.com/bid/1187
#
@valid_ENV = ('REMOTE_HOST','REMOTE_ADDR','REMOTE_USER','HTTP_USER_AGENT');
# Done
#
############################################################################
##
Here is the associated HTML code using fake recipient and form action info:
<form name="TEST" method="post"
action="http://www.test.com/cgi-bin/FormMail.pl">
Rest of form fields are here....
<input type="hidden" name="recipient" value="(e-mail address removed)">
<input type="hidden" name="subject" value="TEST">
<input type="hidden" name="redirect" value="thank_you.htm">
<input type="submit" name="Submit" value="Submit">
<input type="reset" name="Reset" value="Reset">
Does anyone have any clues why this does not work?
Craig
using formmail.pl
Here is the part of the formmail.pl that you are supposed to alter to suit
your needs using fake url and ip addresses:
#!/usr/bin/perl
############################################################################
##
# FormMail Version 1.92
#
# Copyright 1995-2002 Matt Wright (e-mail address removed)
#
# Created 06/09/95 Last Modified 04/21/02
#
# Matt's Script Archive, Inc.: http://www.scriptarchive.com/
#
############################################################################
##
# COPYRIGHT NOTICE
#
# Copyright 1995-2002 Matthew M. Wright All Rights Reserved.
#
#
#
# FormMail may be used and modified free of charge by anyone so long as this
#
# copyright notice and the comments above remain intact. By using this
#
# code you agree to indemnify Matthew M. Wright from any liability that
#
# might arise from its use.
#
#
#
# Selling the code for this program without prior written consent is
#
# expressly forbidden. In other words, please ask first before you try and
#
# make money off of my program.
#
#
#
# Obtain permission before redistributing this software over the Internet or
#
# in any other medium. In all cases copyright and header must remain intact.
#
############################################################################
##
# ACCESS CONTROL FIX: Peter D. Thompson Yezek
#
# http://www.securityfocus.com/archive/1/62033
#
############################################################################
##
# Define Variables
#
# Detailed Information Found In README File.
#
# $mailprog defines the location of your sendmail program on your unix
#
# system. The flags -i and -t should be passed to sendmail in order to
#
# have it ignore single dots on a line and to read message for recipients
#
$mailprog = '/usr/lib/sendmail -i -t';
# @referers allows forms to be located only on servers which are defined
#
# in this field. This security fix from the last version which allowed
#
# anyone on any server to use your FormMail script on their web site.
#
@referers = ('www.test.com','555.555.555.555);
# @recipients defines the e-mail addresses or domain names that e-mail can
#
# be sent to. This must be filled in correctly to prevent SPAM and allow
#
# valid addresses to receive e-mail. Read the documentation to find out how
#
# this variable works!!! It is EXTREMELY IMPORTANT.
#
@recipients = &fill_recipients(@referers);
# ACCESS CONTROL FIX: Peter D. Thompson Yezek
#
# @valid_ENV allows the sysadmin to define what environment variables can
#
# be reported via the env_report directive. This was implemented to fix
#
# the problem reported at http://www.securityfocus.com/bid/1187
#
@valid_ENV = ('REMOTE_HOST','REMOTE_ADDR','REMOTE_USER','HTTP_USER_AGENT');
# Done
#
############################################################################
##
Here is the associated HTML code using fake recipient and form action info:
<form name="TEST" method="post"
action="http://www.test.com/cgi-bin/FormMail.pl">
Rest of form fields are here....
<input type="hidden" name="recipient" value="(e-mail address removed)">
<input type="hidden" name="subject" value="TEST">
<input type="hidden" name="redirect" value="thank_you.htm">
<input type="submit" name="Submit" value="Submit">
<input type="reset" name="Reset" value="Reset">
Does anyone have any clues why this does not work?
Craig