Gypsy Mail is a form mail script. If you set up a form on your website, to collect information from your site's visitors, Gypsy Mail will e-mail the data collected by the form to the e-mail address(es) of your choice. Furthermore, you can specify the layout and format of your e-mail message, so that the information looks nice, is easy to read, and can be cut and pasted or utilized without much further formatting. You only need to install one copy of the script and it will handle as many forms as you like.
While many CGI scripts are written in Perl, Gypsy Mail is written in Python. Python is another scripting language. There are many excellent reasons for using Python, which I will not go into here, but please don't let the fact that Gypsy Mail is not written in Perl disuade or discourage you from using it. Python is freely available and is easy to install. It runs on virtually all platforms in use today. So, if the web server that you are using does not have Python installed (and it may already be installed), it is not very difficult to get a copy of Python and install it.
Gypsy Mail is a clone of the cgiemail script, which is written in C. I had been using cgiemail for quite a while. But I wanted more control over options, error reporting, and the script. So, I decided to write a clone in Python with the extra features that I desired. I've also tried to make the script easy to set up and configure. If you find anything about the set-up and installation confusing, please let me know, so that I can improve it for future versions.
This script is distributed under the GNU Public License. There is NO WARRANTY of any kind. I hope that it will be useful to you, and I have taken care to write a quality script, but use it at your own risk. I would especially appreciate feedback, bug reports and feature requests.
I have tested the script with Python 2.0 on Win98 using the Apache webserver, and with Python 1.5.2 on Linux using the Apache webserver. I have also had reports of users successfully running GypsyMail under Windows2000 with MicroSoft's IIS web server.
If you do not have Python installed on your webserver, you can get it here:
http://www.python.org/download/
Python is available for most operating systems, including Windows, Macinstosh,
Linux and most Unix systems, and more.
Python does come pre-installed on many Linux
platforms, so first check to see whether it is installed. Try typing, at a command
line prompt,
$ whereis python
Or simply try typing, at the command prompt,
$ python
And see if you get somthing like this (it will vary slightly, depending on the version of Python installed, and the operating system):
Python 1.5.1 (#1, Sep 3 1998, 22:51:17) [GCC 2.7.2.3] on linux-i386 Copyright 1991-1995 Stichting Mathematisch Centrum, Amsterdam >>>
Or check with your system administrator.
Gypsy Mail is distributed under the GNU Public License. In essence, this means it is free, hopefully useful, but there is NO WARRANTY. You can read the text of the GPL license here.
The complete distribution includes the following files, with suggested directory placement. You can place the files in different directories than suggested below, if you appropriately edit the gypsymail.py and th defaultconfig.txt files.
These files go in your /cgi-bin directory:
These files should go in the /cgi-bin/templates directory, after editing
them.
You will probably have to create the template subdirectory.
(The sample files are optional.)
These files can be placed anywhere in your public html directory.
They do not require editing, unless you place the files listed above in directory
locations other than the suggested ones.
Of course, sample files are optional.
These additional files are also included in the distribution:
Here are the "Quick Start" instructions--start here. For more detail on particular aspects of installation, go to the section "Complete Installation Instructions".
To set up GypsyMail, you will need to edit a few files, upload several files to your web server in the correct directories, and make sure that you have your file permissions set correctly (Unix/Linux only).
It is assumed, that the quickest way for you to get GypsyMail up and running, is to install the sample files that are included in the package. From there, you can probably see how to change things to set up your own forms. Again, more detail in the "Complete Installation Instructions" section.
Here are the steps you need to go through:
gypsymail.py is the main script file. You only need to edit two lines in that file. Make sure to use a plain text editor, such as Notepad, Pico, Programmer's File Editor or SimpleText. Near the top of the file, find this section:
################ begin configuration section ######################### # the full path to your template and config text files # this is something like /usr/local/etc/yoursite/cgi-bin/templates TemplatesPATH = "/big/dom/xdomain/cgi-bin/templates" ###### end configuration section: do NOT edit anything below #########
TemplatesPATH = "/big/dom/xdomain/cgi-bin/templates"
And inside the quotes type the path to directory where you will put the template and configuration files on your web server. The script comes set up under the assumption that you will create a folder inside your cgi-bin directory, called "templates" and place those files there. So, after you edit it, the line should look something like this:
TemplatesPATH = "/path/to/your/cgi-bin/templates"
If you prefer, you can save your template files outside the cgi-bin directory.
Make sure to set the TemplatesPATH to point to the appropriate directory.
Make sure that you enclose the actual path in quote marks. If you are uncertain
of the path to your cgi-bin directory, ask your tech support personell or
the administrator of your web server.
NOTE: FOR WINDOWS
USERS - - If you are trying to install GypsyMail on a Windows
server, and are setting the value for the TemplatesPATH variable, you cannot
set it like this:
TemplatesPATH = "C:\temp\cgi-bin" <---WRONG on WINDOWS !!!!
The problem is, that the backwards slashes may be interpreted as escape sequence characters, and the script may not read the directory path that you intend. To get around this problem, use the forward slash instead. Even though this may seem wrong on Windows, Python will interpret it correctly. So, you should enter your path like this:
TemplatesPATH = "C:/temp/cgi-bin"
In the same file, gypsymail.py, you also need to double check that the interpreter path (sometimes called the "shebang line") is set properly. This is the first line in the file. It looks something like this:
#!/usr/bin/env python
The path shown above may work for you, as it is, or you may need to modify it slightly. It tells the webserver what the path to Python is. However, this may only be required on some webservers. Linux and Unix servers do require this path, and it is required on Windows machines running Apache as a web server. But other Windows webservers may not require it. Still, it doesn't hurt. If you are unsure of the path to Python on your webserver, ask your tech support, or try typing "whereis python" at a command prompt.
Next, you need to edit the file defaultconfig.txt. You need to enter the values for such things as your SMTP server, the log file name, the webmaster's e-mail address and the like. The file is fairly well commented, and hopefully it is clear.
The sample template files, sample1.txt, sample2.txt and sample4.txt, have the email address devnull@thinkspot.net in the To: field of the template file. In order to run the sample forms and receive the email, you will need to edit these to an email address for one of your own accounts. The html form, sample3.html, also needs to have email addresses edited, in the menu, if you want to see it work.
Be sure to upload the files in ASCII mode, not in binary mode. Refer to the list of files in the distribution package, to see which files go in which directories.
You will need to make sure that the permissions on gypsymail.py in your /cgi-bin directory has been set to 755, which means readable and executable by the world. The error log file, gypsymail.err, needs permissions set to 666. All other files should do fine with 644 permissions.
Point your browser to any one of the sample html files that you placed in your public html directory, and test the script. Hopefully, everything will work just fine. If not, see the section on TroubleShooting.
The best way to start your own form, is probably to write the email template, first. The usual "header" fields would be
There are other possible fields, as well, such as Cc:, Bcc:, Date:, Priority, X-Mailer, and others. More about those, later. The Gypsy Mail script will automatically set the Date:, X-Mailer:, Message-ID:, and Received: lines for you, so you needn't worry about any of this.
So, back to where we were: the basic headers--To:, Subject:, and From:. You can either allow the user to input the value for these fields, or you can hard-code them into your template. Be very careful of allowing the user to input a value for the To: field. This basically lets the user send the email to anyone they want. Gypsy Mail does have a feature which allows you to restrict user input to a list of values that you have approved, and only those values. See the section on Restricting Input Values.
You should write your email template in a plain, text editor. For samples, view the sample text files that came in the distribution. One note: To be RFC compliant, your email addresses should be enclosed in angle-brackets, like this:
To: <webmaster@example.com>
You will notice the angle brackets in the sample files.
Lay out the templates exactly as you would like the e-mails to appear when you
receive them, placing the [fieldname] wherever you want user data to be placed
in the e-mail. (Again, a look at the included samples and running them to see
the result, would probably help here.) The "fieldname" must match
exactly to the name of one of your form-input objects in your HTML submission
form.
When you write your form, inside of your HTML document you will need the following tags:
<form METHOD="POST" action="/cgi-bin/gypsymail.py/defaultconfig.txt/template.txt">
</form>
and between the form-tags you will put whatever type of form objects (such as check-boxes, text-fields, radio-buttons and so on) that you desire. The important things are: (1) the method should be POST, and (2) the action should be the path to your gypsymail.py file, followed by the config file and the template file that you are using for that form. In the above example, the config file is defaultconfig.txt and the template file is template.txt.
To learn how to write forms, you could study the sample html forms that came with the distribution package. However, you would probably do better with a beginner's tutorial for HTML.
To run the Gypsy Mail form mail script, you need a single copy of each of the files gypsymail.py and gypsyutils.py in your /cgi-bin directory. In your /cgi-bin/templates directory, you need at least one config file. The defaultconfig.txt that comes with the distribution package may do fine for you. You will have to edit it, first. If you have special requirements, you may want to write additional config files. For each form that you wish to process you will need a template file in the directory /cgi-bin/templates and an html page with a form somewhere in your public html directory.
For some operating systems, the first line of the gypsymail.py file must be edited to point to the path to Python on your system. This would include most Unix-type operating systems, and possibly Windows systems when running certain web servers, such as Apache. The path line in the default distribution is set to
#!/usr/bin/env python
and this setting may work for you. However, it may not. If you are not sure of the path to Python on your web server, consult with the system administrator or the support personnel to find out the correct path setting.
The path to a Gypsy Mail script looks like this:
/cgi-bin/gypsymail.py/configfile.txt/templatefile.txt
In the main gypsymail.py file, you need to edit a line, to tell the script where to find the template files and the config files. It is suggested that you place these files in the /cgi-bin/templates directory, although you can place the template files outside of the cgi-bin directory, also. All template files and config files must go in the same directory or else the script will not be able to find them.You then tell the script which config file and which template file to use for a particular form, by including them in the URI for the script. Please read the cautionary note for Windows users, about setting the path for the templates directory.
So, in your html form, you will have something like this:
<form method="post" action="/cgi-bin/gypsymail.py/configfile.txt/templatefile.txt">
It is possible to have different config files for different forms, particularly if you want to have different log files, different webmaster email addresses, different URLs for the links to return to the website after the script has run, different success page options, and so on.
After reading this section, along with the Quick Start directions above, you should be able to get the sample files included in the distribution package working. For more details about customizing the script's behavior, read the sections below.
Subdirectories Under the Templates Directory
It is now possible, for organizational purposes, to have subdirectories under the
/cgi-bin/templatesdirectory. Here is an example scenario of how to set up the script using a subdirectory:If the subdirectory is named "sales", then you would place the appropriate configfile.txt file and templatefile.txt file both inside the directory
/cgi-bin/templates/sales.Set the action on your form to:
<form method="post" action="/cgi-bin/gypsymail.py/configfile.txt/templatefile.txt/sales">Note that there should be no trailing slash. The basic idea is, to add the subdirectory to the script URL, after the configfile.txt and templatefile.txt, following all the directions in the preceding sections. You can have unlimited number of nested subdirectories using this method. For example, if "sales" had subdirectories such as jan, feb, mar, and so on, then you could place appropriate configfile.txt and templatefile.txt files in each of those subdirectories, and use the following action on your form:
<form method="post" action="/cgi-bin/gypsymail.py/configfile.txt/templatefile.txt/sales/jan">
And so on.
Each form will need its own template file. A template file is basically, the email, as you would like it to look, except where information from the form will be inserted you put [fieldname]. When the script runs, it gets the information from the form and inserts it into the email template where you have placed the tag [fieldname]. It is very important that the name you give to your field in the html form matches EXACTLY with the name you put inside the brackets in the email template. Even upper and lower case must match.
In your template email, you will need to include the email headers at the top, then at least one blank line, and then the message body. Message headers include fields like To:, Cc:, Bcc:, From:, Subject: and others. Gypsy Mail will automatically form and include the headers Date:, Message-ID, X-Mailer: and Received:. The basic headers, would be To:, Subject:, and From:. In most cases, you will probably get by with just these. However, you can add other headers if you like.
It is important to have a blank line (at least one) between your last message header and the beginning of the message body. This is how Gypsy Mail detects where the message body begins.
Gypsy Mail supports Bcc: headers. You can insert them in your template text file, and Gypsy Mail will send out the results of the form to that person, but it will not be included in the message headers. Therefore, anyone else who receives a copy of the mail will not see that the email was sent to that person, nor will it appear on the default success page, or in any copy of the message headers.
Please examine the example sample text files included in the distribution for some ideas on how to compose templates.
You need at least one config file to run Gypsy Mail. The same config file can be used for multiple forms. The distribution package includes a single config file called defaultconfig.txt. You need to edit that file, putting in the specifics for your website, in order for Gypsy Mail to be able to run. The config file tells Gypsy Mail such things as what SMTP server to use for sending the mail, what file to log errors in, the webmaster's email address, and your Success Page options. Also, in the config file you can indicate special lists of values for certain fields in your forms, and require that the input for the field be one of the values listed in your config file. (See Restricting Input Values.)
It is possible, that you might want to have different config files on your website. Perhaps you don't want to display the same webmaster's email address on all of your results pages, or you want different URL links for returning to your website, different restricted values lists or different success page options. In that case, you should create a new config file and edit it appropriately. I suggest making a copy of your defaultconfig.txt file and saving it under a new name, and then editing that new file.
If you use check boxes or radio buttons, or possibly other types of fields, and give them the same name, then Gypsy Mail will save a list of all the input from those different fields that share the same name. In this case, the values from these fields are printed out, one on a line, in the email. (See sample1.txt and sample1.html for an example of this.)
Suppose you want your submitter to enter some information, such as a password or email address, and you want to be able to check the data, to make sure the submitter has not made a typing error. A simple check, that is quite common on forms, is to have the user enter the information twice and compare the two entries to see if they are identical.
Gypsy Mail has a feature to allow this type of comparison checking. Here is an example of how to use this feature. Let's assume that the form is trying to obtain a password from the submitter. Then you should create an HTML form that has fields require-password and confirm-password. It is important that the prefixes require- and confirm- be all lower case, and that they are separated from the field name by a hyphen with no intervening spaces. The submitter must supply values for both of these fields, otherwise Gypsy Mail will give an error message saying that required fields were not completed. If all required fields are filled in correctly by the submitter, then Gypsy Mail will check, whether the values in these two fields to see whether they match. If these values match, the script will proceed. Otherwise, it will issue an error message to the submitter, that he should go back and double check the values in these fields, to make sure that they match.
See the files sample4.html and sample4.txt, which are included in the distribution package for an example.
As a security feature, the default behavior in Gypsy Mail is to check all user-input fields for an attempt to add message header fields to the email message. If a submitter could figure out a way to add a To:, Cc:, or Bcc: field to the message header, then they could send the email to whomever they wish. Gypsy Mail checks each field in the submitted form data for a newline character followed by one of these header fields, unless you tell it not to.
However certain types of fields should not be checked in this way.Multi-line text areas, which are intended to collect comments, feedback, or the text of a message body should allow all printable characters. For such fields, there is a way to tell Gypsy Mail to forgo checking for inserted header lines.
The file defaultconfig.txt has a line near the bottom of the file, that looks like this:
PassFields = body, messagebody, message, messagetext, comments, feedback
Any fields in your form, whose name contains any of these words, will not be checked for an attempt to insert extra headers. You can edit this line of the defaultconfig.txt file, if you like. Either add more such field names, or deleted some of the ones that are already listed. Make sure to separate values with commas.
Gypsy Mail allows for three different "Success Page" options. (This is the page that your web site visitor will see after the form has been successfully submitted.) To select from among the different success options, you need to edit some settings in the configuration file for your form. Please read on for more information about the different success page options.
The default success page is a very plain HTML page which displays the word "Success" at the top of the page, the statement: "The following message was sent:" followed by the complete e-mail that was sent, a link to return to the website, an optional e-mail link to the webmaster, and the Gypsy Mail version number with link to the Gypsy Mail Home Page. You can view this default page by setting up sample1, sample2, sample3 or sample4 that come with the complete Gypsy Mail package distribution. In order to use this simple option, make sure that the value SuccessOptions in the configuration file is set to zero (this is the original default value). You may also wish to set the following values in the configuration file, which will affect the display on the default success page: SuccessPageTitle, SuccessReturnURL, and webmasterEmail. There are comments in the defaultconfig.txt file distributed with the Gypsy Mail package which further explains the use of these values.
A second option for your "Success Page", is to simply have the script redirect to the URL of another web page after the form has been successfully processed. For this option, make sure the value of SuccessOptions in the configuration file is set to one. You will also need to set the value of SuccessRedirectURL to the URL of the page to which you wish to redirect.
If you are using a version of Gypsy Mail older than 0.6.2, then you will need
to obtain new copies of the files gypsymail.py,
gypsyutils.py and defaultconfig.txt
(return to the Gypsy Mail home page to
retrieve files) and set up as a new install. Your previous forms and templates
should continue to work unaltered.
The option to have customized, templated success pages is new with version 0.7.0. To use this option, you will need to:
The Success Page Templates allow for a highly customized Success Page, which you can design to have any appearance that you like (so it could match the rest of your website), and can include as much or as little of the data from the sent e-mail and/or the form data as you like. For an example, visit the Gypsy Mail FeedBack Form and feel free to fill-in and submit the form. The Success Page which follows the submission of the FeedBack Form is using the new templated success page option, and helps maintain an appearance consistent with the rest of the website.
Two sample html success template files are included in the Gypsy Mail distribution package: successtemplate5.html and successtemplate6.html. To run these files and see the output use sample1.txt, for successtemplate5.html you need to edit config5.txt configuation file and for successtemplate6.html you need to edit config6.txt configuration file. If you have installed all of the sample files as directed in the installation instructions above, then just point your browser to sample5.html and sample6.html to see how the success page templates work. These are basically minor modifications of the sample1.html file and are file included for the purpose of providing an example of how to use success option templates. You will need to first edit the sample5.txt and sample6.txt files to include an email address where you can receive email, and edit the config5.txt and config6.txt files to include the necessary data, such as your SMTP server, in order for the files to work.
The basic idea of the success templates, is that you compose a regular HTML page, excepting that where you would like the data from the email or form, you put in tags just like you do when composing the email templates. All of the tags that you use in your email template are available for your use in the html success template. In addition, you can also use the following tags:
which will display either the complete email, the headers only of the email, or the email's message body, respectively. Also, you have the option to display only certain fields from the email's message header, such as the Message-ID field, the Subject field, the Date field, and so on. In order to display only a particular email message header field, you would enter a tag in your html template like:
[headerfield-Message-ID]
[headerfield-Subject]
[headerfield-Date]
or whatever header field you would like to include in your success page. Note that the prefix "headerfield" must be all lower case, and must be followed by a hyphen, and then followed by the name of the header field with no intervening spaces. The name of the header field can be any combination of upper and lower case.
The difference between setting SuccessOptions in the configuration file to two or three is as follows:
When set to two, the email, form data, and so on, will be inserted exactly as-is into your html template. Since html doesn't recognize most forms of white space, the message or other data could run altogether and be confusing to read. You can resolve this problem by enclosing the data inside of <pre> </pre> tags in your html template. (See successtemplate5.html for examples.) If, instead, you set SuccessOptions to three, the script will replace all newline characters with a <br> tag, and all tab characters with four "non-breaking space" tags (i.e. ) before inserting into your html template. (See successtemplate6.html for examples.)
For composing html success templates, you can use your usual HTML editor (I use DreamWeaver), and simply insert the tags where you would like data from the email and/or form to appear in the success page.
In some situations you may want to allow the submitter to enter the values for the To: or Cc: addresses for the form (rather than having them hardcoded in the template). Still, you don't want to let the submitter send the form results to just ANY email address. While you can have check boxes or menus on your form, from which to choose the email address, there are ways around this, in which a determined person could manage to put in any email address they would like. In theory, this could allow them to use your form for spamming.
You can restrict the list of values that your form will accept, by putting an extra line in the config file.
Let's suppose the name of the field on your form is ToEmail. And let's say you only want to allow the submitter to send the email to webmaster@example.com, sales@example.com and info@example.com. Then, in your config file, place the following line:
values-ToEmail = webmaster@example.com, sales@example.com, info@example.com
Notice the prefix of the tag "values-" in all lower case with a hyphen preceeding the name of the actual field. If you have a field where you want to restrict the values, you will make an additional entry in the config file. This entry will consist of the field name with the attached prefix "values-" to the left, then an equal sign, and then a list of permitted values to the right, separated by commas.
Now, if someone manages to insert a different value into your field, other than the ones in the list above, Gypsy Mail will generate an error message and the script will exit.
You may wish to periodically clear the gypsymail.err file. You can always create a new, blank file by simply making a new text file, naming it gypsymail.err, uploading it to your cgi-bin and setting the permissions to 666.
If you are upgrading from a version earlier than 0.6.2, you should probably just download the entire package, because so much has changed and you will probably appreciate the additional example files included in the distribution package.
Regardless of what version you are currently running, you will need to obtain at least three new files:
For most versions, you can probably just drop gypsymail.py and gypsyutils.py into place and continue running all of your forms and templates as they already were running. Versions earlier than 0.6.2 will also require the defaultconfig.txt file.
In any case, to be safe, back up your old files first. (You can probably rename
them to gypsymail.py.bak and gypsyutils.py.bak, so that it will be easy to restore
them if necessary, by simply renaming them back to their original names.) Then
edit the two required lines in the gypsymail.py file, upload
the gypsymail.py and gypsyutils.py files and your old forms should still continue
to work. Of course, now you can also take advantage of the new Success Page
Templates, if you so desire. This would require also installing a new configuration
file with the requisite options set. Please refer to the defaultconfig.txt file
included in this distribution.
Typical problems when installing scripts, can often be solved by doing the following:
I assume you will test the script yourself, before letting your website's visitors use it. Gypsy Mail should give error messages, either to the browser or one of the error/debug logging files, indicating what the problem is. Check the error messages to see what the problem might be. Did you put the config file in the correct directory? Did you edit the path to the Templates in the gypsymail.py file correctly? (For more info on using the new debug logging feature, see the next section.)
Gypsy Mail generates a number of other error messages, indicating that the form was not filled out correctly, or that the values of confirm-fields did not match, or that there was an error sending the message to the SMTP server. Messages that indicate that the submitter did not fill in the form correctly, do not write any errors to the log file. At least, not in this version of Gypsy Mail. The user is prompted to use the <Back>-Button on their browser, and to correct the information entered into the form. Other types of errors, such as an error in finding the template file, or an error in sending the mail to the SMTP server should be logged in the gypsymail.err log file.
If you cannot figure out what is wrong with your set up, and you have entries in the error log file, you can try sending them along and I will see if I can figure out what is going wrong.
Debug logging is new as of version 0.6.4. You can now toggle the option to print debugging statements to a text file on/off. The default distribution comes with debug logging set to off. If you are having difficulty setting up the script, however, and would like additional debugging info, go the the gypsyutils.py file and near line 11 find the following:
# to turn on debug logging, set debug = 1
# to turn off debug logging, set debug = 0
debug = 0
And change the last statement above, so that debug is set equal to 1. Now save the script and upload it to your web site and run the script. You should find that it creates a file called gypsydebug.txt in the same directory as the script files. It does log a LOT of information, so you will want to turn debug logging off if you are not actively debugging the script. The purpose of the debug logging, is to check the file paths and the environment variables, and to determine whether the necessary data is accessible to the script.
The following information has been provided by Jon Newell of Brisbane, Queensland Australia. Thanks to Jon for figuring this out! Here is his advice, if Gypsy Mail is not running correctly under IIS:
To set up Gypsymail on IIS 5 on win2K, configure Python as per http://www.e-coli.net/pyiis.html. Then locate the following file:
adsutil.vbs (it usually resides in the [your drive]inetpub\adminscripts )
Bring up a command prompt, switch to the above directory and run the following command (without the parenthesis):
"adsutil.vbs set w3svc/AllowPathInfoForScriptMappings 1"
This will allow IIS to use the PATH_INFO environment variable, which is required by Gypsymail. The PATH_INO is disabled by default on MicroSoft's IIS server. More information about the default configuration of IIS and why PATH_INFO is disabled is available here: http://support.microsoft.com/default.aspx?scid=kb;en-us;Q184320
After setting up Python as described at the link above, and enabling the PATH_INFO environment variable, Gypsy Mail should be able to run. Jon has offered to give assistance by email. If you would like Jon's email so that you can communicate with him directly, please contact me and let me know.
Any time you run a CGI script on your website, you are giving permission to strangers ( your site's visitors ) to execute programs on your webserver. Sometimes hackers will look for bugs or flaws in the script, and try to exploit them to gain access to your server, or just to create some havoc. Usually, these types of weaknesses in a script occur when the script executes system commands, or where it uses user submitted information as anything more than simple data.
Gypsy Mail does not execute any system or shell commands, and the only way that it would use user submitted info for anything other than simple data, is if the webmaster allows the submitter to enter email addresses for the To:, Cc: or Bcc: fields in the message header. The best thing you can do, to make Gypsy Mail secure, is to hardcode the SMTP From Envelope in the defaultconfig.txt file and to not allow the submitter to specify a To:, Cc: or Bcc: address in the email message. If you must allow the submitter to enter email addresses for the fields To:, Cc:, or Bcc:, then use the Restricting Input Values feature of Gypsy Mail.
I have taken the following security precautions in Gypsy Mail:
You can use the feedback
form on my website, which is a working demo of Gypsy Mail.
Or send an e-mail to sheila@thinkspot.net.
This list is for announcements about updates to Gypsy Mail. Only the script author can post messages to the list. It is very low volume and your email address will not be used for any purpose except to distribute announcements about GypsyMail via this list.
To subscribe, send an e-mail formatted in plain ASCII
text (not HTML formatting)
To: maiser@kserver.org
with the message body
subscribe gypsymail
Or click on this link: subscribe gypsymail
[Note: The mail server cannot cope with HTML formatted messages. You must send in plain ASCII text.]
If you have any difficulties in subscribing, you can write directly to sheila@thinkspot.net and ask to be added to the Gypsy Mail Announcement Mailing List.