Formmail

From DreamHost
Jump to: navigation, search

Header email.png

We offer a form-to-mail solution with a program called "Formmail."
You can set up a form like this:

Formmail 01.png

and have the results sent to your DreamHost email account like this:

Formmail 02.png

To do this, you just need to know a bit of HTML coding and build your form. There are a few restrictions which are:

  • The receiving email must be setup on our system. Sorry but no Gmail, Hotmail, AOL, etc. emails can be used.
  • The domain on which Formmail is set up must be hosted on our system.
  • No file uploads are available.



Our original Formmail page can be found Here.


To start off off you will need the .cgi script that your form will use to make all of this work, The action of your form needs to point towards this script, and the method must be POST or GET in capital letters. Therefore you must have this exact HTML in your form, here is the code you will need to use

<form action="http://formmail.dreamhost.com/cgi-bin/formmail.cgi" method="POST">

NOTE: This is only for making your own HTML form that you want the contents of sent to you via e-mail, not for any other type of CGI script.

Example

Here is a very simple formmail code setup to give you an idea of how you piece this together, you can use this and modify it to what you need.

<form action="http://formmail.dreamhost.com/cgi-bin/formmail.cgi" method="POST">
<input type="hidden" name="recipient" value="email address">
<input type="hidden" name="subject" value="Your Subject line goes here">
Full Name: <input type="text" name="name" size="60" style="width: 300px"><br />
Email: <input type="text" name="email" size="60" style="width: 300px"><br />
phone: <input type="text" name="name" size="60" style="width: 300px"><br />
Comments: <textarea name="Comments" rows="8" wrap="wrap" style="width: 300px"></textarea><br />
<input type="submit" value="Send">
</form>

Important: Use "name" instead of "id" to reference form objects.


Below is a list of form fields that you can use to customize your forms and the code needed to implement them. Any other form fields that appear in your script will be mailed back to you. If you do not have the redirect field set, they will also be displayed on the resulting page. There is no limit as to how many other form fields you can use with this form.

Protecting the recipient email

The original example has several problems. Most significantly, the recipient's email address is exposed and will be assaulted by spam. There is also no way to prevent someone from attacking the form by setting up a "bot" to repeatedly send email. Someone can also modify the form and abuse it as a sort of open mail relay to send anonymous email.

Virtual private server users can probably set up a Postfix server and send their mail. For shared hosting users, this might help.

Dreamhost does allow sites to make server to server connections while processing a user's request. To hide the recipient email, set up a form that receives the HTTP POST containing all of the form elements above, except for the recipient field. The form should post to a PHP script or better yet, a real language (snark...). On recipient the post data, verify that it matches any data you want, verify the Captcha, insert the recipient field into the POSTDATA and then open a server side connection to http://formmail.dreamhost.com/cgi-bin/formmail.cgi.

Of course, people can still find ways to abuse the Dreamhost formmail script by attacking it directly, but this does add a layer of defense.

Here is an implementation sketch using Python. What you actually need to do depends on your web framework. You might also be able to have another language's framework invoke this as a script.

#!/usr/bin/env python

import urllib
import urllib2

def send_mail(postdata):
    '''This function is called after receiving an HTTP POST. postdata is a dict() containing the form keys and values.'''

    # What you have to do here depends on your framework, but you probably want to filter unexpected fields
    ensure_postdata_is_safe(postdata)

    postdata['recipient'] = 'YOUR@EMAIL.ADDRESS.COM'
        
    # urlencode it to the expected format
    urlenc = urllib.urlencode(postdata)
       
    try:
        # Have the server open a connection to formmail and send it on the client's behalf
        response = urllib2.urlopen('http://formmail.dreamhost.com/cgi-bin/formmail.cgi', urlenc, timeout=250)
        # If the server to server connection succeeds, let the client know
        if response.code != 200: # 200 is HTTP OK
            return redirect('failed to send message')
    except urllib2.URLError, e:
        abort(500)  # That is, send an HTTP 500 to the client
        
    return redirect('success page')


Field: recipient
Description: RECIPIENT IS THE ONLY REQUIRED FORM FIELD

This form field allows you to specify to whom you wish for your form results to be mailed. Most likely you will want to configure this option as a hidden form field with a value equal to that of your e-mail

address.

New: You can also set your email address to use a "#" instead of an "@" in this field, in an attempt to foil evil spam-spiders crawling your web page! So for example, if your email recipient is john@doe.com, you can set the value of the recipient field to be john#doe.com and it'll work!
Even better, you can also just leave off the @domain.com part and our script will automatically append the domain your form is posted on.

Syntax:</td> <input type="hidden" name="recipient" value="email@your.host.com">

Field: subject
Description: The subject field will allow you to specify the subject that you

wish to appear in the e-mail that is sent to you after this form has been filled out. If you do not have this option turned on, then the

script will default to a message subject: WWW Form Submission
Syntax: If you wish to choose what the subject is:

<input type="hidden" name="subject" value="Your Subject">
To allow the user to choose a subject:

<input type="text" name="subject">
Field: email
Description: This form field will allow the user to specify their return e-mail

address. If you want to be able to return e-mail to your user, I strongly suggest that you include this form field and allow them to fill it in. This will be put into the From: field of the message you receive. If you want to require an email address with valid syntax, add this

field name to the 'required' field.
Syntax: <input type="text" name="email">
Field: realname
Description: The realname form field will allow the user to input their real

name. This field is useful for identification purposes and will also be

put into the From: line of your message header.
Syntax: <input type="text" name="realname">
Field: redirect
Description: If you wish to redirect the user to a different URL, rather than

having them see the default response to the fill-out form, you can use

this hidden variable to send them to a pre-made HTML page.
Syntax: To choose the URL they will end up at:

<input type="hidden" name="redirect" value="http://your.host.com/to/file.html">
To allow them to specify a URL they wish to travel to once the form is filled out:

<input type="text" name="redirect">
Field: required
Description: You can require for certain fields in your form to be filled in

before the user can successfully submit the form. Simply place all field names that you want to be mandatory into this field. If the required fields are not filled in, the user will be notified of what they need to fill in, and a link back to the form they just submitted will be provided.

To use a customized error page, see missing_fields_redirect.
Syntax: If you want to require that they fill in the email and phone fields

in your form, so that you can reach them once you have received the mail for example, use a syntax like:

<input type="hidden" name="required" value="email,phone">
Field: env_report
Description: Allows you to have Environment variables included in the e-mail

message you receive after a user has filled out your form. Useful if you wish to know what browser they were using, what domain they were coming from or any other attributes associated with environment variables. The following is a list of all valid environment variables you can use with formmail:
REMOTE_ADDR - Sends the IP address of the remote host making the request.
REMOTE_USER - If server supports authentication and script is protected, this is the username they have authenticated as. *This is not usually set.*
HTTP_USER_AGENT - The browser the client is using to send the request.
HTTP_REFERER - (note the ONE r..) The URL they submitted this form from.

 
Syntax: If you wanted to find the IP address and browser sending the

request, you would put the following into your form:

<input type="hidden" name="env_report" value="REMOTE_ADDR,HTTP_USER_AGENT">
Field: sort
Description: This field allows you to choose the order in which you wish for your

variables to appear in the e-mail that FormMail generates. You can choose to have the field sorted alphabetically or specify a set order in which you want the fields to appear in your mail message. By leaving this field out, the order will simply default to the order in which the browsers sends the information to the script (which is usually the exact same order as they appeared in the form.) When sorting by a set order of fields, you should include the phrase "order:" as the first part of your value for the sort field, and then follow that with the field names you want to be listed in the e-mail message, separated by commas (spaces and

newlines are okay).
Syntax: To sort alphabetically:

<input type="hidden" name="sort" value="alphabetic">
To sort by a set field order:

<input type="hidden" name="sort" value="order:name1, name2, etc...">
Field: print_config
Description: print_config allows you to specify which of the config variables you

would like to have printed in your e-mail message. By default, no config fields are printed to your e-mail. This is because the important form fields, like email, subject, etc. are included in the header of the message. However some users have asked for this option so they can have these fields printed in the body of the message. The config fields that you wish to have printed should be in the value attribute of your input

tag separated by commas.
Syntax: If you want to print the email and subject fields in the body of

your message, you would place the following form tag:

<input type="hidden" name="print_config" value="email,subject">
Field: print_blank_fields
Description: print_blank_fields allows you to request that all form fields are

printed in the return HTML, regardless of whether or not they were filled in. FormMail defaults to turning this off, so that unused form

fields aren't e-mailed.
Syntax: If you want to print all blank fields:

<input type="hidden" name="print_blank_fields" value="1">
Field: date_offset
Description: Use this field to override the local server time (Pacific) in the

emails you get from formmail. Use an offset from GMT in hours, like "4"

or "-5".
Syntax: If you wanted to use Eastern Standard Time:

<input type="hidden" name="date_offset" value="-5">
Field: title
Description: This form field allows you to specify the title and header that will appear on the resulting page if you do not specify a redirect URL.
Syntax: If you wanted a title of 'Feedback Form Results':

<input type="hidden" name="title" value="Feedback Form Results">
Field: return_link_url
Description: This field allows you to specify a URL that will appear, as

return_link_title, on the following report page. This field will not be used if you have the redirect field set, but it is useful if you allow the user to receive the report on the following page, but want to offer them a way to get back to your main page. You must have

return_link_title to go along with this!
Syntax: <input type="hidden" name="return_link_url" value="http://your.host.com/main.html">
Field: return_link_title
Description: This is the title that will be used to link the user back to the

page you specify with return_link_url. You must have return_link_url specified! The two fields will be shown on the resulting form page as:

  • <a href="http://your.host.com/main.html">Back to my site.</a>
Syntax: <input type="hidden" name="return_link_title" value="Back to my site.">
Field: missing_fields_redirect
Description: This form field allows you to specify a URL that users will be

redirected to if there are fields listed in the required form field that are not filled in. This is so you can customize an error page instead of

displaying the default.
Syntax: <input type="hidden" name="missing_fields_redirect" value="http://your.host.com/error.html">
Field: background
Description: This form field allow you to specify a background image that will

appear if you do not have the redirect field set. This image will appear

as the background to the form results page.
Syntax: <input type="hidden" name="background" value="http://your.host.xxx/image.gif">
Field: bgcolor
Description: This form field allow you to specify a background image that will

appear if you do not have the redirect field set. This image will appear

as the background to the form results page.
Syntax: For a background color of White:

<input type="hidden" name="bgcolor" value="#FFFFFF">
Field: text_color
Description: This field works in the same way as bgcolor, except that it will change the color of your text.
Syntax: For a text color of Black:

<input type="hidden" name="text_color" value="#000000">
Field: link_color
Description: Changes the color of links on the resulting page. Works in the same way as text_color. Should not be defined if redirect is.
Syntax: For a link color of Red:

<input type="hidden" name="link_color" value="#FF0000">
Field: vlink_color
Description: Changes the color of visited links on the resulting page. Works exactly the same as link_color. Should not be set if redirect is.
Syntax: For a visited link color of Blue:

<input type="hidden" name="vlink_color" value="#0000FF">
Field: alink_color
Description: Changes the color of active links on the resulting page. Works exactly the same as link_color. Should not be set if redirect is.
Syntax: For a active link color of Blue:

<input type="hidden" name="alink_color" value="#0000FF">