The cgiemail webmaster guide
This guide answers the following questions:
The purpose of cgiemail, a CGI program
written in C for Unix, is to take the input of WWW
forms and convert it to an e-mail format defined by the author of
the WWW form, so that the resulting e-mail messages are not difficult to
sort through. Using it requires slightly more work than forms-to-email
programs with less flexibility in e-mail format. Nevertheless, users
with no programming experience can follow the simple step-by-step
instructions in the cgiemail user guide.
- What is cgiemail and why would I want it?
- If I don't want cgiemail, what else is there?
- What security issues are there?
- Can I just download a binary?
- Where can I download cgiemail
- How do I build and install it?
- How do I tell if the installation worked?
- How do I find out about new releases?
- What's new in release 1.6?
- What's new in release 1.5?
- What's new in release 1.4?
- What's new in release 1.3?
- What's new in release 1.2?
- What's new in release 1.1?
It's easy to get cgiemail up and running. Ten minutes is the median
time reported. Webmasters who are familiar with Unix frequently report
getting cgiemail up in two minutes.
You do not want cgiemail if either of these is true:
You do want cgiemail if any of these is true:
- Controlling the layout of e-mail messages is unimportant to
your information providers.
- Your WWW server is not running a variant of Unix. Sorry, there is
no version for Windows or MacOS here. See the next section for other possibilities.
- Controlling the layout of e-mail messages is important to
your information providers.
- You have a number of information providers putting forms your web
site and you don't want to install a perl script for every form.
- You want to facilitate the creation of forms accessible
to users with disabilities.
developed programs with the same functionality:
- Gypsy Mail is a free cgiemail clone written in Python.
- MailPost for
Windows 32 bit webservers (primarily O'Reilly's Website)
If cgiemail isn't what you're looking for, check the following sites
for programs that might fit your needs more precisely.
Here are some notes about cgiemail in relation to the three types
of security listed in The
WWW Security FAQ (January 1998 version). I hope you find these
notes helpful, but you should refer to the file
mit-copyright.h re. MIT's non-warranty of this software.
There are basically three overlapping types of risk, listed here with
the extent to which cgiemail has each risk.
- Bugs or misconfiguration problems in the Web server that allow
unauthorized remote users to:
- Steal confidential documents not intended for their eyes.
Small risk: A private or confidential document stored in the
Web site's document tree (not elsewhere in the filesystem)
can fall into the hands of unauthorized individuals if all of the
following conditions are met:
- The web server must allow
point to said document even if direct access to the document
would be denied.
- The document must look like a template file to cgiemail,
i.e. contain text enclosed in square brackets.
- The text in at least one set of square brackets must be
known to the attacker.
- The URL of the private document must be known to the
- Execute commands on the server host machine, allowing them
to modify the system.
Non-risk: Since cgiemail does not pass any form data to the
shell, it is not vulnerable to ``special character'' holes. The
code has been checked for buffer overflows. I believe there are
none, but I must mention that MIT owns the software and makes no
guarantees. Refer to the file mit-copyright.h in the
- Gain information about the Web server's host machine that
will allow them to break into the system.
Non-risk: cgiemail does not give users such information.
- Launch denial-of-service attacks, rendering the machine
Non-risk: cgiemail does not increase vulnerability to
- Browser-side risks, including:
- Active content that crashes the browser, damages the
user's system, breaches the user's privacy, or merely
creates an annoyance.
Non-risk: does not apply to cgiemail
- The misuse of personal information knowingly or unkowingly
provided by the end-user.
Small risk: form creators can trace the origin of
mail sent with cgiemail to about the same extent regular
e-mail can be traced. They can also choose to see what
browser software the end-user uses, since most browser
software identifies itself to the web server. Most
modern mail software also identifies itself in each mail
message (the X-Mailer header), so this is not considered a
breach of privacy.
- Interception of network data sent from browser to server or vice
versa via network eavesdropping. Eavesdroppers can operate from
any point on the pathway between browser and server.
Risk: With cgiemail as with any form-to-mail program,
eavesdroppers can also operate on any point on the pathway between
the web server and the end reader of the mail. Since there is no
encryption built into cgiemail, it is not recommended for
confidential information such as credit card numbers.
If your Unix platform can run binaries from one of the following, and
sendmail is in the same place as listed below, then you can download the
cgiemail and cgiecho binaries, place them in your cgi-bin directory and
"chmod 755 cgiemail cgiecho" to make sure they're
You can download it right here, and unpack it with the following
commands at the Unix shell prompt in any directory where you have write
permission. Please note the time you download it. Later you
will be asked for the number of minutes from the time you download it to
the time when you get it up, running and tested.
To pick up the latest beta version and try it out:
The simplest way to build it is by typing the following commands at
the Unix shell prompt.
Before you do the configure step, you may want to type
./configure --help and decide if you want to enable/disable
any optional features.
If cgiemail fails to compile with a message like header file
'unistd.h' not found, then your C compiler is not installed
correctly. (It could also mean your version of Unix hasn't been
upgraded since 1990, but probably not.) Consult whoever gave or sold
you the C compiler.
Once you have built cgiemail, simply copy the cgiemail and cgiecho
binaries into your cgi-bin directory. If you are a non-webmaster
installing cgiemail on a server that allows user CGI programs, you will
usually need to add the extension .cgi to cgiemail and
cgiecho. Contact your webmaster for details.
Note: An additional program, cgicso, is built. You
can delete this program and ignore any warnings that occur while it
compiles. It is only useful at MIT, and is included only to avoid
having separate source trees for internal and external use.
Try opening the URL for where you've installed cgiemail, e.g.
You should be taken to a Using cgiemail
If you get an error that doesn't say cgiemail at the bottom,
you either didn't configure your WWW server to run CGI programs, or you
put cgiemail in the wrong directory. Consult your server
If you do get the right error, install the files
testce.txt in your top-level
htdocs directory. (If you install them elsewhere, be sure to set the
correct ACTION in
testce.html.) This test form gives you the opportunity to
send feedback, e.g. how many minutes it took from the time you
downloaded cgiemail to the time it's up and running. (If it isn't up
and running, obviously the mail won't be sent.) You can also choose not
to send the feedback except to your own address for testing purposes.
If you get no errors, feel free to remove
testce.txt. You can also throw away the cgiemail-1.6
directory and its contents. Go ahead and notify your users that cgiemail
is up and running. If, on the other hand you get errors when you try
the test form, follow the appropriate link below:
It is in your best interest to find out when new releases come out.
They may have features you have been waiting for, and might have fixes
for a bug you haven't encountered yet but would encounter later. If you
run a web-hosting service, you get better prominence on the ISP page if you keep up-to-date. The mailing list
has only announcements. You will only get a message every few
months, so there is no reason not to subscribe.
Send a message to firstname.lastname@example.org with
the following in the body (not the subject line) of your message:
SUB CGIEMAIL John Doe
That's if your name is John Doe; otherwise substitute your own
name. You'll get a confirmation message. Ignore the instructions on how
``to send a message to all the people currently subscribed''; the list
is for announcements only.
archive is available.
This release on 1998-04-14 fixes these bugs:
- Two code errors prevented compilation on certain platforms.
- For cgifile, the incoming.txt file is not allowed to be a link.
This release on 1998-01-26 makes success/failure templates work
consistently and be more supportable.
- A bug is fixed that often prevented success/failure templates
from working. Thanks to Ed Orcutt of eosys for tracking it down.
- Failures in a success template are reported correctly.
- Any failure in a failure template falls back on the default
- Error information is better divided between cgierrmsg and cgierrinfo.
- Although it still needs to be installed by hand, cgifile is compiled by default.
This release on 1997-10-27 substantially increases the functionality
of the cgiemail package.
- A new program,
appending incoming information to an incoming.txt file.
- Support is added for success/failure templates incorporating form
- Support is added for %U and %H formatting (URL and HTML encoding)
- Support is added for special
cgidate, cgirelease, cgierrmsg,
- Required fields are enforced
entirely through the template file. This fixes a bug in which
cgiemail would reject a form with multiple same-name required
inputs if only one of them was left blank.
- Leading whitespace in the mail template is removed that otherwise
would have confused sendmail.
- Macintosh users are no longer required to upload template files as text. End-of-line
markers are automatically converted to Unix format at runtime.
- A configuration option (turned off by default) allows bounced mail
to go to the owner of the template file rather than the web
- The required prefix no longer
- If a pipe to sendmail cannot be opened, the error message
includes the command that failed.
This release on 1997-05-29 includes the following changes:
This release on 1997-02-20 eases debugging of various problems with
- Feature: A test form and template are included to facilitate
feedback and simplify testing.
- Feature: CGI environment variables
are enabled unless explicitly disabled at configure time.
- Feature: A mail header, X-Mailer, gives cgiemail release number,
the URL of the HTML form, and the form ACTION.
- Bugfix: A workaround is included for a bug in NetBSD /bin/sh that
prevented configure from finding the path for sendmail.
- Bugfix: Messages from sendmail are ignored if its exit status is
available and indicates success.
This release on 1996-07-25 is primarily bugfixes. The most visible
change is that the release number appears at the bottom of the default
success/error pages, to facilitate debugging problems at sites running
unknown versions. The release name has been changed to a more
conventional format than that used in mit-dcns-cgi950822 and prior.
- A new hidden variable, cgiemail-mailopt, is
introduced. Its only option so far is to allow synchronous mail
delivery, to ease debugging when no
mail gets through and the user doesn't have access to the bounce
- NetBSD users should not encounter any more problems with the
configure script, which was generated with autoconf 2.10.
- If the configure script can't find the path to sendmail, it
defaults to sendmail rather than /bin/false,
which gives some chance of success, and makes the error message
more understandable if sendmail can't be found.
- Because of difficulty on various OS/httpd combinations in getting
a meaningful return value from pclose(), sendmail is assumed to
succeed if and only if it produces no output. Any output is
treated as an error and displayed to the user. No more groveling
through server error logs!
- The mkcmtform script and manpage are no longer included. They
were never useful outside MIT and only confused people.
- If the ACTION is not set correctly,
a page is displayed pointing the user to the user guide.
Other changes are:
- fix a bug that prevented the required- prefix from working for
- prevent cgiemail from spinning if the client goes away
- automatically determine where the sendmail executable lives
- fix the signal mask in order to get the exit status of sendmail
- send CGI headers as proper HTTP headers (ending in CRLF)
cgiemail <cgiemail at mit.edu>
Last modified: Fri Dec 20 12:28:48 EST 2002