The cgiemail webmaster guide

This guide answers the following questions:
  1. What is cgiemail and why would I want it?
  2. If I don't want cgiemail, what else is there?
  3. What security issues are there?
  4. Can I just download a binary?
  5. Where can I download cgiemail source code?
  6. How do I build and install it?
  7. How do I tell if the installation worked?
  8. How do I find out about new releases?
  9. What's new in release 1.6?
  10. What's new in release 1.5?
  11. What's new in release 1.4?
  12. What's new in release 1.3?
  13. What's new in release 1.2?
  14. What's new in release 1.1?

What is cgiemail and why would I want it?

The purpose of cgiemail, a CGI program written in C for Unix, is to take the input of WWW forms and convert it to an e-mail format defined by the author of the WWW form, so that the resulting e-mail messages are not difficult to sort through. Using it requires slightly more work than forms-to-email programs with less flexibility in e-mail format. Nevertheless, users with no programming experience can follow the simple step-by-step instructions in the cgiemail user guide.

It's easy to get cgiemail up and running. Ten minutes is the median time reported. Webmasters who are familiar with Unix frequently report getting cgiemail up in two minutes.

You do not want cgiemail if either of these is true: You do want cgiemail if any of these is true:

If I don't want cgiemail, what else is there?

Others have developed programs with the same functionality:

If cgiemail isn't what you're looking for, check the following sites for programs that might fit your needs more precisely.

What security issues are there?

Here are some notes about cgiemail in relation to the three types of security listed in The WWW Security FAQ (January 1998 version). I hope you find these notes helpful, but you should refer to the file mit-copyright.h re. MIT's non-warranty of this software.

There are basically three overlapping types of risk, listed here with the extent to which cgiemail has each risk.

  1. Bugs or misconfiguration problems in the Web server that allow unauthorized remote users to:
  2. Browser-side risks, including:
  3. Interception of network data sent from browser to server or vice versa via network eavesdropping. Eavesdroppers can operate from any point on the pathway between browser and server.
    Risk: With cgiemail as with any form-to-mail program, eavesdroppers can also operate on any point on the pathway between the web server and the end reader of the mail. Since there is no encryption built into cgiemail, it is not recommended for confidential information such as credit card numbers.

Can I just download a binary?

If your Unix platform can run binaries from one of the following, and sendmail is in the same place as listed below, then you can download the cgiemail and cgiecho binaries, place them in your cgi-bin directory and "chmod 755 cgiemail cgiecho" to make sure they're executable.

Platformsendmail locationRelease
HP-UX A.09.01/usr/lib/sendmail 1.5
IRIX 5.3/usr/lib/sendmail 1.5
Linux 2.0.32/usr/sbin/sendmail 1.5
NetBSD 1.2/usr/sbin/sendmail 1.5
SunOS 5.5.1/usr/lib/sendmail 1.5

Where can I download cgiemail source?

You can download it right here, and unpack it with the following commands at the Unix shell prompt in any directory where you have write permission. Please note the time you download it. Later you will be asked for the number of minutes from the time you download it to the time when you get it up, running and tested.

To pick up the latest beta version and try it out:

How do I build and install it?

The simplest way to build it is by typing the following commands at the Unix shell prompt.

    cd cgiemail-1.6

Before you do the configure step, you may want to type ./configure --help and decide if you want to enable/disable any optional features.

If cgiemail fails to compile with a message like header file 'unistd.h' not found, then your C compiler is not installed correctly. (It could also mean your version of Unix hasn't been upgraded since 1990, but probably not.) Consult whoever gave or sold you the C compiler.

Once you have built cgiemail, simply copy the cgiemail and cgiecho binaries into your cgi-bin directory. If you are a non-webmaster installing cgiemail on a server that allows user CGI programs, you will usually need to add the extension .cgi to cgiemail and cgiecho. Contact your webmaster for details.

Note: An additional program, cgicso, is built. You can delete this program and ignore any warnings that occur while it compiles. It is only useful at MIT, and is included only to avoid having separate source trees for internal and external use.

How do I tell if the installation worked?

Try opening the URL for where you've installed cgiemail, e.g.

You should be taken to a Using cgiemail page.

If you get an error that doesn't say cgiemail at the bottom, you either didn't configure your WWW server to run CGI programs, or you put cgiemail in the wrong directory. Consult your server documentation.

If you do get the right error, install the files testce.html and testce.txt in your top-level htdocs directory. (If you install them elsewhere, be sure to set the correct ACTION in testce.html.) This test form gives you the opportunity to send feedback, e.g. how many minutes it took from the time you downloaded cgiemail to the time it's up and running. (If it isn't up and running, obviously the mail won't be sent.) You can also choose not to send the feedback except to your own address for testing purposes.

If you get no errors, feel free to remove testce.html and testce.txt. You can also throw away the cgiemail-1.6 directory and its contents. Go ahead and notify your users that cgiemail is up and running. If, on the other hand you get errors when you try the test form, follow the appropriate link below:

How do I find out about new releases?

It is in your best interest to find out when new releases come out. They may have features you have been waiting for, and might have fixes for a bug you haven't encountered yet but would encounter later. If you run a web-hosting service, you get better prominence on the ISP page if you keep up-to-date. The mailing list has only announcements. You will only get a message every few months, so there is no reason not to subscribe.

Send a message to with the following in the body (not the subject line) of your message:


That's if your name is John Doe; otherwise substitute your own name. You'll get a confirmation message. Ignore the instructions on how ``to send a message to all the people currently subscribed''; the list is for announcements only.

A archive is available.

What's new in release 1.6?

This release on 1998-04-14 fixes these bugs:

What's new in release 1.5?

This release on 1998-01-26 makes success/failure templates work consistently and be more supportable.

What's new in release 1.4?

This release on 1997-10-27 substantially increases the functionality of the cgiemail package.

What's new in release 1.3?

This release on 1997-05-29 includes the following changes:

What's new in release 1.2?

This release on 1997-02-20 eases debugging of various problems with sendmail.

What's new in release 1.1?

This release on 1996-07-25 is primarily bugfixes. The most visible change is that the release number appears at the bottom of the default success/error pages, to facilitate debugging problems at sites running unknown versions. The release name has been changed to a more conventional format than that used in mit-dcns-cgi950822 and prior.

Other changes are:

cgiemail <cgiemail at>
Last modified: Fri Dec 20 12:28:48 EST 2002

HTML 3.2 Checked! Validate me