-- Randal L. Schwartz, Perl hacker
Be sure to read my standard disclaimer if this is a reply.

You have a CGI script that will parse a HTML form, and send an email with the results of the interpretation to an email address supplied at the form.

It depends on your web-server, I've only had experience with Apache httpd

Apache httpd is usually in EITHER:

/usr/local/apache2 OR /var/www In both cases you need to put the script in the cgi-bin directory: /usr/local/apache2/cgi-bin /var/www/cgi-bin You'd have to chmod the script to make it executable:

chmod 755 script.pl And you can access it by:

http://www.mywebsite.com/cgi-bin/script.pl

All local paths mentioned are general *nix (I work with RedHat) so if you're using windows, then I can't tell you where the 'cgi-bin' is, but I know that you'd have to find it to use the scripts.

This again is all assuming that you're hosting the website. If you employ hosting services from another company, then you may well need to find out where their 'cgi-bin' is and if you have permission to upload into it.

Hope this helped a little

Assuming the server you're installing on already has Perl, you would upload the script to your server into an area that accepts CGI scripts, make it executable, possibly rename it to end in .cgi, and then go to the URL associated with the CGI script.

All of the details will depend on how your server is set up.

Also, be careful configuring formmail. If you're not, it can be used to relay mail via your Web server, and many spammers are actively abusing misconfigured formmail scripts.

When I did a formmail type script I just composed the email into a scalar and did a system of sendmail... Since this thread is on that topic..is this bad form? Or is it something that could be used to accomodate this task? I'm failing to understand somethings I'm sure.

edit: My script only went to a certain set of people, It was for computer lab assistants to start a paper trail of a lab machine's downtime. At the time I didn't think that it was important to build any more security in that script. If I had it to do over I would try and find a better way to do it.

Is there a way to check the source of the CGI request? making sure the request was only called from your page would do the trick if that's possible.

It depends on what's settable from a CGI variable. If you get the address where the mail is sent to and the body from the Web, any random user can use your Web server to send any spam they want to, by just calling your CGI script with proper parameters. If the script is hardcoded to send a message to just one user, then a spammer can't use it. If it's hardcoded to send a particular message body, a spammer can't use it for much.

The other thing to watch out for is what you let the script set on purpose, and what you may have accidentally let it set. For example, let's say you take just the From from the Web page, and everything else is hardcoded. If you just call sendmail like this:

open(SENDMAIL, "|/usr/lib/sendmail -t");
print SENDMAIL "To: webmaster\nFrom: $mailfrom\n\nThis is the body\n")
+;
close(SENDMAIL)
[download]

then a spammer could set:

$mailfrom="joe@spammer.com\nTo: spam-recipient1@aol.com\n\nThis is the
+ spammer's message body\n.\n";
</pre>
to cause you to send arbitrary mail to arbitrary users.
[download]

If you are running a form mail script you need to be running the form mail script from here:

NMS Scripts
http://nms-cgi.sourceforge.net/scripts.shtml

Form to email scripts are notoriously hard to design correctly to make sure that you are not open up security holes on our server.
More info is available in the site FAQ:
http://nms-cgi.sourceforge.net/faq_nms.html

The NMS Scripts were prepared by highly regarded members of the Perl as an answer to all of the poorly written insecure version of similar scripts out there.

I implore you heed my warning unless you want to be a relay for spammers e-mail.

More about NMS

You should contact your admin.