in reply to smtp authentication in perl script for contact form

Perl provides many ways to help you if you let it.

If you put the line use warnings; near the top of your script, Perl will tell you what goes wrong. In your case, Perl sees a variable, @xxxx in the string "username@xxxx.com" in your code.

If you want to turn such instances of misspelled or misidentified variable names into errors, add the line use strict; near the top of your program as well. This is considered good programming practice.

The easiest fix in your case is to use single quotes instead of double quotes, because strings in single quotes are never examined by Perl for containing variable names:

$Set_From='xxxxx@xxxxxx.com';
$username = '????@????.com';

[download]

But note that your script is a huge open gate for spammers. You never check whether $fromaddr contains what you think it should. For example, a malicious user could sent MAIL TO: everybody@gmail.com\nSubject: Buy Viagra\n\nBuy cheap viagra into $fromaddr and your script would then blast out an email in your name to the spammers mail list. Please take a look at the nms formmail script, which does not contain such security holes.

Replies are listed 'Best First'.
Re^2: smtp authentication in perl script for contact form
by Anonymous Monk on Nov 30, 2015 at 15:35 UTC

    Hello Corion,

    Thanks for your input!
    I have repaced the double quotes for the single quotes as you recommended aswell as the use strict; and use warnings; to get to the quick fix, but then I get a 500 internal server error.

    But I think it is better to concentrate on a good script as you suggested then to continue using current script with a huge open gate.

    Therefore I followed your link and used TFMail Autoinstall to install the script onto the server.
    When I run the script I get the error:

    Application Error

    An error has occurred in the program

    SMTP command RCPT TO:<xxxx@xxxx.com> gave response [554 5.7.1 <firewall.vhosting.namehost.com11.222.68.68>: Client host rejected: Access denied ] at /home/vhosting/z/vhost0028581/domains/xxxx.com/htdocs/www/cgi-bin/websiteformulier.cgi line 967, <GEN1> line 4.

    I think the error occurs because the host needs SMTP Authentication? E.g. I did not give SMTP_PORT, SSL="OFF", username / password.

    Would that not be necessary?br>
    BR
    Olaf

[reply]

      I don't know about the vhost and firewall setup of your hosting provider.

      Most likely, a fix is to set up the mail program correctly:

        $mailprog          = '/usr/lib/sendmail -oi -t';

      [download]

      If you set the variable to smtp:xxx, this error is your ISP telling you that they don't allow direct SMTP connections, most likely for spam reasons.

[reply]
[d/l]
[select]
        Hi Corion,
        I have asked them and they replied:

        Outgoing mail server: smtp.mail.hostname.com
        port for outgoing mail: 587
        SSL: Disabled
        Authentication Through e-mail address and password

        (sendmail as mailprog does not work)
        I did tried the sendmail option before i asked them as you suggested and script works but e-mail is not send. Browser shows the ok page.
[reply]

In Section Seekers of Perl Wisdom