Formmail



We offer a form-to-mail solution with a program called "Formmail." You can set up a form like this:



and have the results sent to your DreamHost email account like this:



To do this, you just need to know a bit of HTML coding and build your form. There are a few restrictions which are:


 * The receiving email must be setup on our system. Sorry but no Gmail, Hotmail, AOL, etc. emails can be used.
 * The domain on which Formmail is set up must be hosted on our system.
 * No file uploads are available.

Our original Formmail page can be found Here.

To start off off you will need the .cgi script that your form will use to make all of this work, The action of your form needs to point towards this script, and the method must be POST or GET in capital letters. Therefore you must have this exact HTML in your form, here is the code you will need to use  NOTE: This is only for making your own HTML form that you want the contents of sent to you via e-mail, not for any other type of CGI script.

Example
Here is a very simple formmail code setup to give you an idea of how you piece this together, you can use this and modify it to what you need.

   Full Name: 

Email: 

phone: 

Comments: 

 Important: Use "name" instead of "id" to reference form objects.

Below is a list of form fields that you can use to customize your forms and the code needed to implement them. Any other form fields that appear in your script will be mailed back to you. If you do not have the redirect field set, they will also be displayed on the resulting page. There is no limit as to how many other form fields you can use with this form.

Protecting the recipient email
The original example has several problems. Most significantly, the recipient's email address is exposed and will be assaulted by spam. There is also no way to prevent someone from attacking the form by setting up a "bot" to repeatedly send email. Someone can also modify the form and abuse it as a sort of open mail relay to send anonymous email.

Virtual private server users can probably set up a Postfix server and send their mail. For shared hosting users, this might help.

Dreamhost does allow sites to make server to server connections while processing a user's request. To hide the recipient email, set up a form that receives the HTTP POST containing all of the form elements above, except for the recipient field. The form should post to a PHP script or better yet, a real language (snark...). On recipient the post data, verify that it matches any data you want, verify the Captcha, insert the recipient field into the POSTDATA and then open a server side connection to http://formmail.dreamhost.com/cgi-bin/formmail.cgi.

Of course, people can still find ways to abuse the Dreamhost formmail script by attacking it directly, but this does add a layer of defense.

Here is an implementation sketch using Python. What you actually need to do depends on your web framework. You might also be able to have another language's framework invoke this as a script.

import urllib import urllib2 def send_mail(postdata): '''This function is called after receiving an HTTP POST. postdata is a dict containing the form keys and values.''' # What you have to do here depends on your framework, but you probably want to filter unexpected fields ensure_postdata_is_safe(postdata) postdata['recipient'] = 'YOUR@EMAIL.ADDRESS.COM' # urlencode it to the expected format urlenc = urllib.urlencode(postdata) try: # Have the server open a connection to formmail and send it on the client's behalf response = urllib2.urlopen( 'http://formmail.dreamhost.com/cgi-bin/formmail.cgi', urlenc, timeout=250) # If the server to server connection succeeds, let the client know if response.code != 200: # 200 is HTTP OK            return redirect('failed to send message') except urllib2.URLError, e:        abort(500)  # That is, send an HTTP 500 to the client return redirect('success page')
 * 1) !/usr/bin/env python