Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations wOOdy-Soft on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Sendmail duplicating emails

Status
Not open for further replies.
Guest_imported

Guest_imported

New member
Jan 1, 1970
0
I am using a postcard script that uses sendmail to send an email to notify of the postcard.

The follow peice of code:

open (MAIL, "|$mailprog $input{'address'}") || die "Can't open $mailprog!\n";
print MAIL "Reply-to: $input{'senderemail'}\n";
print MAIL "From: $input{'senderemail'}\n";
print MAIL "To: $input{'address'}\n";
print MAIL "Subject: $subject\n\n";
open (PAGE, "$mail_message") || die ("I am sorry, but I was unable to open the file
$thank_you.");
while (<PAGE>) {
s/%%sender%%/$input{'sender'}/g;
s/%%userid%%/$userid/g;
print MAIL $_;
}
close (PAGE);
close (MAIL);

In the above, $mailprog is path to sendmail, $input{'address') and $mail_message is a template email.

The script sends out two identical emails.

any ideas.

Ric
 
Sort by date Sort by votes
that's not a problem of perl itself (your code is ok),
but a problem regarding the data you are feeding to
sendmail.

you are using the form &quot;sendmail recipient&quot; and also
specifying on the head &quot;To: ...&quot;.

Try only one of them:

1. using the &quot;-t&quot; flag for sendmail, and keeping the
&quot;To: &quot; header but no recipient on the command line.
--> open (MAIL, &quot;|$mailprog -t&quot;)

2. keep the open() as it is now, but remove the &quot;To:&quot;
on the header portion

--
pkiller

 
Upvote 0 Downvote
Using the -t flag for sendmail, and putting the recipient in the &quot;To: &quot; header is the recommended method, for very good security reasons. If you put the recipients email address on the command line, and someone entered an &quot;email address&quot; of `rm -r *`, you could be in REAL trouble. It's much safer never to allow user-entered input on a command line. That &quot;email address&quot; wouldn't hurt anything if it appeared in a &quot;To: &quot; header.
Tracy Dryden
tracy@bydisn.com

Meddle not in the affairs of dragons,
For you are crunchy, and good with mustard.
 
Upvote 0 Downvote
Well thanks guys you have ssaved my life!!! The email field was checked for @'s and .'s so it should have been safeish! on the command line but I took you advice and removed the command line aspect anyway!

Thanks again.

Ric
 
Upvote 0 Downvote
The worst thing to allow on an email address is the backtick, since it invokes a shell to execute the part enclosed in backticks and substitute the result into the command. NEVER allow a backtick in any user input that is going to be used on a command line!
Tracy Dryden
tracy@bydisn.com

Meddle not in the affairs of dragons,
For you are crunchy, and good with mustard.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

audiopro
  • Locked
  • Question
Unusual error with Sendmail 1
Replies
7
Views
504
audiopro
audiopro
maryxyz123
  • Locked
  • Question
Problem with sending emails with pdf attachments from Goldmine
Replies
0
Views
136
maryxyz123
maryxyz123
jcarrott
  • Locked
  • Question
trying to send emails via SMTP 1
Replies
3
Views
105
Annihilannic
Annihilannic
mightychest
  • Locked
  • Question
Problem getting sendmail script to work
Replies
3
Views
123
MrCBofBCinTX
MrCBofBCinTX
spewn
  • Locked
  • Question
sending .txt attachment with sendmail...
Replies
3
Views
123
MoshiachNow
MoshiachNow

Part and Inventory Search

Sponsor

Back
Top