I'm not sure if you're writing from scratch or modifying one of those "bad" CGI scripts that are out there (or even one of those "good" scripts that use perl -T and CGI.pm). But a couple of points couldn't hurt.

The command line flags you give to sendmail will be important for security. You will probably need to use -t and -i. The -t just tells sendmail to get the "To" and "Cc" information out of the headers of the mail you are sending. Unless you are root, you have to have a truthful "From", so that will be determined by the setup on the web server. The -i is very important. It tells sendmail that it should ignore any periods that are sitting on a line by themselves (this is the normal way to end an email in Unix) and wait until it receives the end of the input stream instead.

The reasoning here is that if you are in a CGI environment, an evil user might put a period alone on a line inside of a comment section, for instance, and then the remaining characters are being thrown at the OS (and being possibly executed, depending on how things are set up). The -i will avoid this dangerous situation.

According to the Module Reviews, the Mail::Sendmail module will work in both Windows and Unix, and may thus solve your dilemma.


In reply to Re: Sendmail query by mpolo
in thread Sendmail query by costas
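
The invocation described in the post above, as an added example (not code from the thread): a Perl script that pipes a form message to sendmail with -t and -i through a list-form open, so no shell is involved. The sendmail path, the field names and the sample values are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed location of the sendmail binary; adjust for the web server.
my $SENDMAIL = '/usr/sbin/sendmail';

# With -t, sendmail takes the recipients from the headers, so a header
# value coming from a form must not be able to start a new header line.
sub clean_header {
    my ($value) = @_;
    $value = '' unless defined $value;
    $value =~ s/[\r\n]+/ /g;
    return $value;
}

sub build_message {
    my (%f) = @_;
    my $to      = clean_header($f{to});
    my $subject = clean_header($f{subject});
    my $body    = defined $f{body} ? $f{body} : '';
    $body =~ s/\r\n?/\n/g;    # normalise line endings
    return "To: $to\nSubject: $subject\n\n$body\n";
}

sub send_message {
    my ($message) = @_;
    # Fixed environment, as taint mode (perl -T) would require.
    local $ENV{PATH} = '/usr/sbin:/usr/bin:/bin';
    delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
    # List-form pipe open: the flags go straight to sendmail, no shell.
    # -t reads To/Cc from the headers; -i stops a lone "." ending the mail.
    open(my $mail, '|-', $SENDMAIL, '-t', '-i')
        or die "cannot run $SENDMAIL: $!";
    print {$mail} $message;
    close($mail) or die "sendmail exited with status $?";
    return 1;
}

# Constructed sample input: a comment field with a "." alone on a line.
my $msg = build_message(
    to      => 'webmaster@example.com',
    subject => "Feedback\nfrom the form",
    body    => "First line\n.\nSecond line, still part of the body",
);
print $msg;              # inspect what would be piped to sendmail
# send_message($msg);    # enable on a host where sendmail is installed
```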
