in reply to Re: Port 80 Mail Relay (Spammers Welcome?)
in thread Port 80 Mail Relay (Spammers Welcome?)

whoa, I like this. It can be extended.

I don't like SSI (and fortunately only one existing customer was using it, so I only support it on one site :) but I could require ... what, an include of some kind? ... on the form page that generates a key. if the key is not there, the mail just doesn't go.

I can quickly and easily migrate all existing forms using a perl script, and require all new forms to use the key generator. Instructions can be integrated with the existing "how to".

I will admit first though, btrott has written a replacement program called stamp that I'm looking at right now. It looks *really* good, though it's not backward compatible. (Thanks to crazyinsomniac who pointed it out to me.)

  • Comment on Re: Re: Port 80 Mail Relay (Spammers Welcome?)

Replies are listed 'Best First'.
Re: Re: Re: Port 80 Mail Relay (Spammers Welcome?)
by blakem (Monsignor) on Sep 13, 2001 at 15:23 UTC
    I wasn't advocating SSI, just pointing out that the submission forms weren't static html. You've got the basic idea though... a carefully crafted perl -pi -e 's///' on the existing forms, along with an hourly cron job to update the "secret" key was all it took. Not a great solution, but perhaps good-enough for the short term.

    -Blake

[reply]
[d/l]

      How about an encrypted string containing a timestamp (to avaoid the cron job), the recipient address and a secret key that must be passed as hidden input and validated by formmail?

      alex pleiner <alex@zeitform.de>
      zeitform Internet Dienste

[reply]
        I don't think its worth getting too complicated with it... After all the "password" is sitting right there in the HTML file. No matter how you generate it, someone could easily slurp it up and use it for nefarious purposes. Luckilly, troublemakers usually don't take that extra step, they just move on to the next MSA site.

        -Blake

[reply]

In Section Seekers of Perl Wisdom