The cgiemail webmaster guide

1. What is cgiemail and why would I want it?
2. If I don't want cgiemail, what else is there?
3. What security issues are there?
4. Can I just download a binary?
5. Where can I download cgiemail source code?
6. How do I build and install it?
7. How do I tell if the installation worked?
8. How do I find out about new releases?
9. What's new in release 1.6?
10. What's new in release 1.5?
11. What's new in release 1.4?
12. What's new in release 1.3?
13. What's new in release 1.2?
14. What's new in release 1.1?

What is cgiemail and why would I want it?

It's easy to get cgiemail up and running. Ten minutes is the median time reported. Webmasters who are familiar with Unix frequently report getting cgiemail up in two minutes.

• Controlling the layout of e-mail messages is unimportant to your information providers.
• Your WWW server is not running a variant of Unix. Sorry, there is no version for Windows or MacOS here. See the next section for other possibilities.

• Controlling the layout of e-mail messages is important to your information providers.
• You have a number of information providers putting forms your web site and you don't want to install a perl script for every form.
• You want to facilitate the creation of forms accessible to users with disabilities.

If I don't want cgiemail, what else is there?

Others have developed programs with the same functionality:

• Gypsy Mail is a free cgiemail clone written in Python.
• MailPost for Windows 32 bit webservers (primarily O'Reilly's Website)

If cgiemail isn't what you're looking for, check the following sites for programs that might fit your needs more precisely.

• At Yahoo, see ``Internet:World Wide Web:Gateways:Email Gateways''.
• The CGI Resource Index lists programs and scripts sorted by language, e.g. C and C++.
• ScriptSearch catalogs scripts by language and purpose, e.g. C/C++ Communication Mail utilities.
• In the WWW FAQ, see ``How can users send me comments and/or email?''.

What security issues are there?

Here are some notes about cgiemail in relation to the three types of security listed in The WWW Security FAQ (January 1998 version). I hope you find these notes helpful, but you should refer to the file mit-copyright.h re. MIT's non-warranty of this software.

There are basically three overlapping types of risk, listed here with the extent to which cgiemail has each risk.

1. Bugs or misconfiguration problems in the Web server that allow unauthorized remote users to:
   • Steal confidential documents not intended for their eyes.
     Small risk: A private or confidential document stored in the Web site's document tree (not elsewhere in the filesystem) can fall into the hands of unauthorized individuals if all of the following conditions are met:
     • The web server must allow PATH_TRANSLATED to point to said document even if direct access to the document would be denied.
     • The document must look like a template file to cgiemail, i.e. contain text enclosed in square brackets.
     • The text in at least one set of square brackets must be known to the attacker.
     • The URL of the private document must be known to the attacker.
   • Execute commands on the server host machine, allowing them to modify the system.
     Non-risk: Since cgiemail does not pass any form data to the shell, it is not vulnerable to ``special character'' holes. The code has been checked for buffer overflows. I believe there are none, but I must mention that MIT owns the software and makes no guarantees. Refer to the file mit-copyright.h in the distribution.
   • Gain information about the Web server's host machine that will allow them to break into the system.
     Non-risk: cgiemail does not give users such information.
   • Launch denial-of-service attacks, rendering the machine temporarily unusable.
     Non-risk: cgiemail does not increase vulnerability to denial-of-service attacks.
2. Browser-side risks, including:
   • Active content that crashes the browser, damages the user's system, breaches the user's privacy, or merely creates an annoyance.
     Non-risk: does not apply to cgiemail
   • The misuse of personal information knowingly or unkowingly provided by the end-user.
     Small risk: form creators can trace the origin of mail sent with cgiemail to about the same extent regular e-mail can be traced. They can also choose to see what browser software the end-user uses, since most browser software identifies itself to the web server. Most modern mail software also identifies itself in each mail message (the X-Mailer header), so this is not considered a breach of privacy.
3. Interception of network data sent from browser to server or vice versa via network eavesdropping. Eavesdroppers can operate from any point on the pathway between browser and server.
   Risk: With cgiemail as with any form-to-mail program, eavesdroppers can also operate on any point on the pathway between the web server and the end reader of the mail. Since there is no encryption built into cgiemail, it is not recommended for confidential information such as credit card numbers.

Can I just download a binary?

If your Unix platform can run binaries from one of the following, and sendmail is in the same place as listed below, then you can download the cgiemail and cgiecho binaries, place them in your cgi-bin directory and "chmod 755 cgiemail cgiecho" to make sure they're executable.

Where can I download cgiemail source?

You can download it right here, and unpack it with the following commands at the Unix shell prompt in any directory where you have write permission. Please note the time you download it. Later you will be asked for the number of minutes from the time you download it to the time when you get it up, running and tested.

• cgiemail-1.6.tar.gz (28k compressed with the GNU software utility gzip)
  gzip -dc cgiemail-1.6.tar.gz | tar xvf -
• cgiemail-1.6.tar (120k uncompressed, in case you don't have gzip)
  tar xvf cgiemail-1.6.tar

• cgiemail-beta.tar.gz (38k compressed with the GNU software utility gzip)
  gzip -dc cgiemail-beta.tar.gz | tar xvf -

How do I build and install it?

The simplest way to build it is by typing the following commands at the Unix shell prompt.

    cd cgiemail-1.6
    ./configure
    make

Before you do the configure step, you may want to type ./configure --help and decide if you want to enable/disable any optional features.

If cgiemail fails to compile with a message like header file 'unistd.h' not found, then your C compiler is not installed correctly. (It could also mean your version of Unix hasn't been upgraded since 1990, but probably not.) Consult whoever gave or sold you the C compiler.

Once you have built cgiemail, simply copy the cgiemail and cgiecho binaries into your cgi-bin directory. If you are a non-webmaster installing cgiemail on a server that allows user CGI programs, you will usually need to add the extension .cgi to cgiemail and cgiecho. Contact your webmaster for details.

Note: An additional program, cgicso, is built. You can delete this program and ignore any warnings that occur while it compiles. It is only useful at MIT, and is included only to avoid having separate source trees for internal and external use.

How do I tell if the installation worked?

http://www.myname.com/cgi-bin/cgiemail/

You should be taken to a Using cgiemail page.

If you get an error that doesn't say cgiemail at the bottom, you either didn't configure your WWW server to run CGI programs, or you put cgiemail in the wrong directory. Consult your server documentation.

If you do get the right error, install the files testce.html and testce.txt in your top-level htdocs directory. (If you install them elsewhere, be sure to set the correct ACTION in testce.html.) This test form gives you the opportunity to send feedback, e.g. how many minutes it took from the time you downloaded cgiemail to the time it's up and running. (If it isn't up and running, obviously the mail won't be sent.) You can also choose not to send the feedback except to your own address for testing purposes.

If you get no errors, feel free to remove testce.html and testce.txt. You can also throw away the cgiemail-1.6 directory and its contents. Go ahead and notify your users that cgiemail is up and running. If, on the other hand you get errors when you try the test form, follow the appropriate link below:

• 503 cannot write temporary file
• 500 sendmail exit with error message (cgiemail 1.2 and later)
• 500 Exit status of sendmail (cgiemail 1.1)

How do I find out about new releases?

It is in your best interest to find out when new releases come out. They may have features you have been waiting for, and might have fixes for a bug you haven't encountered yet but would encounter later. If you run a web-hosting service, you get better prominence on the ISP page if you keep up-to-date. The mailing list has only announcements. You will only get a message every few months, so there is no reason not to subscribe.

Send a message to listserv@mitvma.mit.edu with the following in the body (not the subject line) of your message:

SUB CGIEMAIL John Doe

That's if your name is John Doe; otherwise substitute your own name. You'll get a confirmation message. Ignore the instructions on how ``to send a message to all the people currently subscribed''; the list is for announcements only.

What's new in release 1.6?

This release on 1998-04-14 fixes these bugs:

• Two code errors prevented compilation on certain platforms.
• For cgifile, the incoming.txt file is not allowed to be a link.

What's new in release 1.5?

This release on 1998-01-26 makes success/failure templates work consistently and be more supportable.

• A bug is fixed that often prevented success/failure templates from working. Thanks to Ed Orcutt of eosys for tracking it down.
• Failures in a success template are reported correctly.
• Any failure in a failure template falls back on the default failure page.
• Error information is better divided between cgierrmsg and cgierrinfo.
• Although it still needs to be installed by hand, cgifile is compiled by default.

What's new in release 1.4?

This release on 1997-10-27 substantially increases the functionality of the cgiemail package.

• A new program, cgifile, supports appending incoming information to an incoming.txt file.
• Support is added for success/failure templates incorporating form input values.
• Support is added for %U and %H formatting (URL and HTML encoding)
• Support is added for special variables: cgidate, cgirelease, cgierrmsg, cgierrinfo.
• Required fields are enforced entirely through the template file. This fixes a bug in which cgiemail would reject a form with multiple same-name required inputs if only one of them was left blank.
• Leading whitespace in the mail template is removed that otherwise would have confused sendmail.
• Macintosh users are no longer required to upload template files as text. End-of-line markers are automatically converted to Unix format at runtime.
• A configuration option (turned off by default) allows bounced mail to go to the owner of the template file rather than the web server's mailbox.
• The required prefix no longer requires a hyphen (better interaction with JavaScript).
• If a pipe to sendmail cannot be opened, the error message includes the command that failed.

What's new in release 1.3?

This release on 1997-05-29 includes the following changes:

• Feature: A test form and template are included to facilitate feedback and simplify testing.
• Feature: CGI environment variables are enabled unless explicitly disabled at configure time.
• Feature: A mail header, X-Mailer, gives cgiemail release number, the URL of the HTML form, and the form ACTION.
• Bugfix: A workaround is included for a bug in NetBSD /bin/sh that prevented configure from finding the path for sendmail.
• Bugfix: Messages from sendmail are ignored if its exit status is available and indicates success.

What's new in release 1.2?

• A new hidden variable, cgiemail-mailopt, is introduced. Its only option so far is to allow synchronous mail delivery, to ease debugging when no mail gets through and the user doesn't have access to the bounce message.
• NetBSD users should not encounter any more problems with the configure script, which was generated with autoconf 2.10.
• If the configure script can't find the path to sendmail, it defaults to sendmail rather than /bin/false, which gives some chance of success, and makes the error message more understandable if sendmail can't be found.
• Because of difficulty on various OS/httpd combinations in getting a meaningful return value from pclose(), sendmail is assumed to succeed if and only if it produces no output. Any output is treated as an error and displayed to the user. No more groveling through server error logs!
• The mkcmtform script and manpage are no longer included. They were never useful outside MIT and only confused people.
• If the ACTION is not set correctly, a page is displayed pointing the user to the user guide.

What's new in release 1.1?

Other changes are:

• fix a bug that prevented the required- prefix from working for checkboxes
• prevent cgiemail from spinning if the client goes away
• automatically determine where the sendmail executable lives
• fix the signal mask in order to get the exit status of sendmail
• send CGI headers as proper HTTP headers (ending in CRLF)

Validate me