So I would recommend the use of the sendmail '-i' option. Given that and the fact that all the email header data is hard-coded, is there any way to case grief with user data only going into the email body?

I'd really recommend not doing that either. For one, the syntax for that call looks like:

        $message = "From: blah\nTo: blah\nSubject: blah\n\nmessage\n";
        open (SENDMAIL,"|sendmail -i);
        print SENDMAIL $message;
        close(SENDMAIL);
[download]

Updated:
(Yes, I know it could be done with multiple print's, but I hate dribbling information through a pipe ...)

Which is a bigger rewrite than moving to Net::SMTP:

        use Net::SMTP;

        $smtp = Net::SMTP->new('mailhost');

        $smtp->mail($ENV{USER});       # print MAIL "MAIL FROM ..."
        $smtp->to('postmaster');       # print MAIL "RCPT TO ..."

        $smtp->data();                 # print MAIL "DATA\n";
        $smtp->datasend("line 1\n");   # print MAIL ...
        $smtp->datasend("line 2\n");   # print MAIL ...
        $smtp->datasend("line 3\n");   # print MAIL ...
        $smtp->dataend();

        $smtp->quit;
[download]

Updated: (duh ... typing "first" w/o a "second")
Second, invoking a whole 'nother app (sendmail) when you've already got perl running is just a bunch more overhead on your server. You then also have any security holes in 'sendmail -i' to remember to look for.

---

My parents just came back from a planet where the dominant life form had no
bilateral symmetry, and all I got was this stupid F-Shirt.

Quothe idsfa: "I'd really recommend not doing that either. For one, the syntax..." I'm missing something. What is wrong with solving the "\n.\n" issue by using the '-i' option in a pipe to sendmail. And what is syntactly bad about the example you gave.

Same question regarding use of Net::SMTP. The boss is going to ask me "Why?". I need a better answer than, "Some helpful person on the web said it was better." Why is the Net::SMTP code you recommend more secure than piping to sendmail with the '-i' option and hard-coded email header data? I know there are issues about gracefully handling situations where sendmail is missing or in a non-standard place. I'll deal with that. But what sort of potential input would Net::SMTP handle more securely in this situation?

BTW: I use standard modules all the time and will likely recommend Net::SMTP for use here. This is not a question of wanting to avoid their use. I just want to have a knowledgable rationalle to explain myself.

------------------------------------------------------------
"Perl is a mess and that's good because the
problem space is also a mess." - Larry Wall

Update: I forgot about the -i flag to sendmail to prevent the rogue period from ending the message. The SMTP commands shouldn't be interpreted by sendmail but the period can be used to shorten the message sent.