Email CGI is NOT like other Email CGIs. It is a Frontier CGI that has optional anti-hijacking features, an optional log of all activity including attempted hijacking of this CGI and failed attempts and complete easy administration (either locally with a provided menu or remotely via web browser).

Requirements

• A Macintosh PowerPC Webserver
• Frontier 4.2.3
• The newest version of TCPCMD suite, NetEvents 1.x (optional) or greater
  or MondoMail available locally here

Setup

Install the two parts of EmailCGI into your root file and optionally place a menu item in your main menu to access suites.emailCGI.installMenu().

EmailCGI comes preconfigured to allow access to everyone with a single entry of "." (a single period) in the OKServer table at suites.EmailCGI.OKServers. If you want to restrict access using the anti-hijacking features you will need to configure it to do so by removing the default Okserver and then adding the domain names and IP addresses of the ones you want to have access. You will also need to change the Admin username and password from the defaults (see the Remote Administration section of this readme). The Remote Admin defaults are
username = admin
password = admin

Decide which processor you want to use, TCPCMD (with or without NetEvents) or MondoMail. I personally find MondoMail to be the fastest and if you use it then you don't need to get and install the TCPCMD suite. I have also provided a local copy of MondoMail for easy downloading or you can get it from http://www.acmetech.com/

For using MondoMail you will need to install the glue script provided with the EmailCGI download (make sure you have MondoMail installed on your server before installing the glue scripts) and then you are ready to go. MondoMail has it's own built-in logging which you can turn off or change the level of by using ResEdit, please read the readme for MondoMail for instructions on how to do this. While doing this you might want to set MondoMail so that it does not automatically shutdown, this will increase the speed of processing because EmailCGI will not have to start MondoMail everytime it sends a message. But EmailCGI will always check to see if MondoMail is running and start it if not. You will probably want to use the built-in logging of EmailCGI even if you use the MondoMail logging because of EmailCGI's logging of attempted hijackings and the location of the form that was used to send the action to EmailCGI.

For using TCPCMD either with or without NetEvents you need to obtain and install the TCPCMD suite and set system.extensions.tcpcmd.useUCMD to a value of TRUE for NOT using NetEvents or set it to FALSE for using NetEvents. EmailCGI will always check to see if you have system.extensions.tcpcmd.useUCMD set to true or false and also will check to make sure NetEvents is running and start it if not.

There is a table item at suites.emailCGI.admindata.path for the path to your CGIs to set for accessing the Remote Administration. If you have Frontier located in your cgi-bin directory and are restricting all CGIs to that directory in your webserver setup then change this value to

/cgi-bin/
otherwise leave it as is. This item must have a trailing slash no matter what.

The Menu

Included with Email CGI is a menu that will allow you to control and configure just about everything you can do with Email CGI when you are sitting in front of the machine where EmailCGI is running. Here is an explanation of each item in the menu.

• About Email CGI - Opens this ReadMe file.
• Add OK Server - Opens a dialog to add a new server to the OK Server Table.
• View OK Servers - Opens the OK Servers Table for viewing or deleting servers from the Ok Server table.
• Choose Processor - Opens a dialog to set the post processor - NetEvents or MondoMail. NetEvents is the default but MondoMail allows cc and bcc fields. You will need to install glue scripts to use MondoMail.
• Logging - Toggles Logging On or Off (If checked logging is On).
• View Log - Opens the log outline for viewing.
• Clear Log - Clears ALL entries from log outline.
• Edit this menu - Opens the Email CGI menu for editing.

Remote Administration

There is complete remote administration via a web browser interface. Simply login to EmailCGI Remote Admin with this address

http://yourserverURL/email.remote.fcgi

You will be presented with the Administration page. Even though others can view this page they will not be able to make any changes to the way EmailCGI works without the admin username and password so don't worry about security. You can always set up a realm to protect this page and then set the Admin username and password to blank values. After you have logged in with the correct Admin username and password and performed any action the username and password will automatically be filled in for you when you return to the admin login page using the links at the bottom of the results pages. This is not a security problem because EmailCGI needs the correct username and password for this autofill to work and is checking to make sure that you are still connected from the same IP address when returning you to the login page.

Make sure you enter the current Admin username and password for each operation.

View Log
This is the default operation, so just click on the submit button to view the log.

Toggle Logging
This means turn logging from off to on or from on to off. Select from the dropdown "Operations" list the action "Toggle Logging" and click the submit buttton. If you look at the select in the list of Operations it will show you the current state logging is in (ON or OFF).

Clear Log
This will completely empty the log. Select from the dropdown "Operations" list the action "Clear Log" and click the submit buttton.

Adding new OK Servers Simply enter the new OK Server in the correct text box, select from the dropdown "Operations" list the action "Add OK Server" and click on the submit button.

Removing OK Servers Select the OK Server to remove in the list of OK Servers (This is a list of all the currently configured OK Servers), select from the dropdown "Operations" list the action "Remove OK Server" and click on the submit button.

Changing Admin Username and Password
These are both case SeNSitiVe. To change the admin username and password from the default admin username and password, which are "admin" and "admin" (without the quotes) respectively. Enter these or the current values in the appropriate places, select from the dropdown "Operations" list the action "Change Password" and then go to the bottom of the page and enter the new values in the appropriate places and click the submit button.

Change Processor this is a quick way to toggle between using NetEvents and MondoMail for actual mail processing. Select from the dropdown "Operations" list the action "Change Processor" and click the submit buttton. If you look at the select in the list of Operations it will show you the current processor (MondoMail or NetEvents).

Anti-Hijacking

The anti-hijacking feature of this CGI is very easy to use and can easily be turned off if you don't want to use it (why you would want to, I don't know). If someone setups up a form on a server or just on any computer connected to the internet that is not one of yours and tries to use the emailCGI from your server they will not be able to if you have the anti-hijacking feature configured. What will happen is they will get a message back in the browser window saying "HIJACKING IS NOT ALLOWED" and some other stuff including the address of the page they tried to use the form from and their message will not be sent. This activity will also be logged to the log outline as detailed in the section of this readMe on Logging. The anti-hijacking feature is turned off when you first install EmailCGI and needs to be Immediately configured.

OK Servers

These are the servers that you want to allow access for using this CGI from your server. You can use the Menu items to view and add new OK Servers to the list of servers that are valid. You must remember to add the server that emailCGI is running on to the list. To delete an OK Server from the list select view OK Servers and then just delete the one you want to remove from the table then close the table.

Forms

You can design your forms in any way you would like to as long as you include the required fields. Your form needs have an action of "POST" and should call the processing script at email.process.fcgi. The required fields for your forms are these:

• smtpGateway - The smtp server you want to send the email through.
• toEmail - The address of the person you want the message to go to. This can be a comma seperated list of multiple recipients.
• fromEmail - The email address of the person who is sending the email

If any of these required fields are left out of the form or the user forgets to enter them, an error message will be sent back to the user's browser and the message will not be sent. The attempt will still be logged with an error message.

All form input fields will be included in the message that is sent and the html that is sent back to the user. For examples of forms please visit and then view the code of any of the forms we have on the Three Rivers Internet website. (http://www.3-rivers.com/forms/webmaster.html is a good example)

Logging

The log is located at suites.emailCGI.log and can be viewed by selecting "View Log" from the EmailCGI Menu or remotely (see the remote Admin section). Logging can be turned on or off from the EmailCGI menu by simply selecting "Logging" (or remotely), if there is a check by it then it is ON. The log can be cleared by selecting "Clear Log" from the EmailCGI menu (or remotely).

The log entries will contain different information depending on these three items:

1. Attempted CGI hijacking. The first line will say that someone tried hijacking, the date and time of the attempt and the URL of the page where the form was used (This could be a file path if it was used from someone's desktop computer and not a server). The second line will contain the email addresses used and the IP address of the person who used the form that called EmailCGI.
2. Successful use of the CGI. The first line will contain "Email CGI run on " followed by the date and time it was used. The second line will contain the email addresses used and the IP address of the person who used the form that called Email CGI.
3. Forgotten required field. (either a hidden field in the webpage containing the form or the user forgot to fill in a field) The first line will be the same as 1 or 2 above depending on whether or not hijacking was attempted. The second line will contain the email address(s) properly filled in on the form and the IP address of the person who used the form that called Email CGI. Any missing email addresses will be omitted. The Third line will contain"**Attempt Failed " followed by an error message that specifies the field that was blank.

For more information on this CGI or to report problems/bugs please contact me (Paul Didzerekis) at hostmaster@3-rivers.com

Legal Stuff

EmailCGI is provided "AS IS" with no warranty expressed, implied, or otherwise. Three Rivers Internet and Paul Didzerekis retain any and all legal ownership of EmailCGI but assume no responsibility for any damages or loss or profits because use or misuse of EmailCGI.

EmailCGI IS SHAREWARE ($10 US) for a SINGLE user license for use on ONE computer. As such you are granted one week to evaluate this software before payment MUST be made. Please send payment to:

Three Rivers Internet
1203 Gowen Avenue
Richland, WA 99352

You are free to redistribute the original EmailCGI compressed archive (EmailCGI.sit.hqx), as received from Three Rivers Internet, in any manner you see fit as long as you do not make any modifications to any portion including this Readme file and do not charge for it.

You are not allowed permission to decompile or reverse engineer any compiled portions of EmailCGI.

You may not distribute any portion of EmailCGI on any type of disk or storage media without the express written permission of Three Rivers Internet and/or Paul Didzerekis.

Thanks,
Paul Didzerkis