Solved

Mail Sent from Unix Shell script comes from anonamous?

Posted on 1998-10-05
25
252 Views
Last Modified: 2013-12-25
I've got a little shell script that accepts an email address, logs this to a file with the date, then sends some mail to that email address.  My question is, How do I get the reply to address for the sent mail to be the anything other than anonamous(forgive my spelling)?  The who Am I command shows the same value when I hit it from the WWW, as from the command prompt?
0
Comment
Question by:KirkGray
  • 10
  • 10
  • 5
25 Comments
 
LVL 8

Accepted Solution

by:
MaDdUCK earned 100 total points
ID: 1828936
You cannot do anything about this because it is due to UNIX security reasons. One way around would be to have your sysadmin add an account for the CGI and then execute the CGI as this user. In this case, you could freely determine the address displayed.

\\MaDdUCK
0
 
LVL 84

Expert Comment

by:ozo
ID: 1828937
I don't think there's any restriction on setting the
Reply-To:
header.
0
 
LVL 8

Expert Comment

by:MaDdUCK
ID: 1828938
this is correct, but the reply to header only controls where a reply is sent to, not the adress from which the mail was sent. But I guess Kirk wants exactly this. Please give us the script and I will tell you how to midfy it...
0
 

Author Comment

by:KirkGray
ID: 1828939
This is the script here.. If you can show me how to set the reply address, or set the current user that the cgi script gets run as then I'll award the points!

#!/bin/bash

mailto -s"Subject Goes here" $1 < ./zippwd.txt

echo "Content-type:text/html"
echo ""
echo ""
cat mailsent.html

PS:  I know this is a security hole... an I've got it covered already.

0
 
LVL 8

Expert Comment

by:MaDdUCK
ID: 1828940
do this:

echo "Subject: <subject>" > ./cgi_mail.tmp
echo "Reply-To: <reply to>" >> ./cgi_mail.tmp
#any other headers here
echo "" >> ./cgi_mail.tmp
cat ./zippwd.txt >> ./cgi_mail.tmp

mailto $1 < ./cgi_mail.tmp

rm ./cgi_mail.tmp

echo "Content-type:text/html"
echo ""
echo ""
cat mailsent.html

this should work...

MaD dUCK

PS: In your case, I would export the whole thingy to Perl using one of CPAN's mail modules --> really easy to use and a lot better (especially with temporary files). CPAN is at www.perl.com/CPAN/
0
 

Author Comment

by:KirkGray
ID: 1828941
All Yours Dude!  Thanx for the help!

0
 
LVL 8

Expert Comment

by:MaDdUCK
ID: 1828942
no prob, if you need help again, I'll monitor this thread (but please only for thread related questions)...
0
 

Author Comment

by:KirkGray
ID: 1828943
I should just ask then, Isn't the use of the filename cgi_mail.tmp going to cause problems if two users hit it at the same time?


0
 
LVL 84

Expert Comment

by:ozo
ID: 1828944
Yes, you may do better to use a name like
cgi_mail.$$.tmp
0
 
LVL 8

Expert Comment

by:MaDdUCK
ID: 1828945
agreed...
0
 
LVL 8

Expert Comment

by:MaDdUCK
ID: 1828946
that is why I am saying Perl or C... it will be able to generate a unique temporary file (tmpnam() in C)...
0
 

Author Comment

by:KirkGray
ID: 1828947
I Think I'll just use the actual address passed as then temp filename.. That seems to work OK...

The only problem left is that I Can't get the Reply To header to work... It's actually comming in with the content of the mail...

The subject header is working OK though...
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 

Author Comment

by:KirkGray
ID: 1828948
I Think I'll just use the actual address passed as then temp filename.. That seems to work OK...

The only problem left is that I Can't get the Reply To header to work... It's actually comming in with the content of the mail...

The subject header is working OK though...
0
 

Author Comment

by:KirkGray
ID: 1828949
Woops... Sorry about the duplicate!

0
 
LVL 8

Expert Comment

by:MaDdUCK
ID: 1828950
can you post a complete message (with all headers please) along with the temp file created? (just remove the rm instruction for one run)...

it works fine for me...
0
 
LVL 84

Expert Comment

by:ozo
ID: 1828951
(you may want to do it with a fake email address...)
0
 
LVL 8

Expert Comment

by:MaDdUCK
ID: 1828952
of course :-)
0
 
LVL 8

Expert Comment

by:MaDdUCK
ID: 1828953
i am going to sleep now, so don't expect a reply from me within the next twelve hours...
0
 

Author Comment

by:KirkGray
ID: 1828954
This is the bit of the script that does the mail....

echo "Reply-To:areplytoaddress@somewhere" > ./$1.tmp
echo "" >> ./$1.tmp
cat ./zippwd.txt >> ./$1.tmp

mailto -s"Your zip password from " $1 < ./$1.tmp          


this is the temp file created....I removed the subject header as you can see.. but that worked anyhow!

Reply-To:areplytoaddress@somewhere

Your Password for the application you have just downloaded is

blash bajdgsdjhfsdf                
0
 
LVL 84

Expert Comment

by:ozo
ID: 1828955
Are you saying that the Reply-To: started working when yoiu removed the Subject: ?
What did the file look like before you removed the Subject: header?

Can you pipe directly to sendmail instead of processing through mailto?
0
 

Author Comment

by:KirkGray
ID: 1828956
I'm saying that the subject Header Worked, the Reply-To header never has...

and.. I cannot run the sendmail command from my shell prompt..  So I assume I can't pipe to it...

Perhaps we are comming at this from the wrong end... is there a way to tell the script which user to run as?  The Gateway software is Apache.



0
 
LVL 8

Expert Comment

by:MaDdUCK
ID: 1828957
you can impersonate someone by making the account the owner of the script using chown and then adding the s bit using chmod (chmod u+s file). This way, the script will execute as tne owner. be sure to give everyone else r and X rights.
0
 
LVL 84

Expert Comment

by:ozo
ID: 1828958
So you're saying that

echo "Subject: <subject>" > ./cgi_mail.tmp
#echo "Reply-To: <reply to>" >> ./cgi_mail.tmp
# any other headers here
echo "" >> ./cgi_mail.tmp
cat ./zippwd.txt >> ./cgi_mail.tmp
mailto $1 < ./cgi_mail.tmp

works to set the Subject: header?

Doesn't your mailto deliver by calling sendmail?
Or does mailto call splitmail which calls sendmail?
Can you run strings on it to see which progrem it invokes to actually deliver?
0
 

Author Comment

by:KirkGray
ID: 1828959
Thanx, MaDdUCK.. I'll give changing the cgi owner a go and see if I can get the http hit to send the mail like it does when I run it from the command prompt....

Ozo:  No Such thing as sendmail... but splitmail exists... I'll give piping the headers to that a go.

Thanx for your help, both of you.

Regards,
  Kirk.


0
 

Author Comment

by:KirkGray
ID: 1828960
Opps.... splitmail doesn't send mail (It splits it! Dah!)... It looks like mailto is a front end wrapper for mail... but mail won't send at all when hit from the browser...I'll try changing the owner...

0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Introduction:   Welcome to my first article ever. To begin with, the reason I write this article.  I participated in a question on Experts Exchange about the start command in Windows and there were some discussion about the usage. The discussio…
This article is meant to give a basic understanding of how to use R Sweave as a way to merge LaTeX and R code seamlessly into one presentable document.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now