PGP FormMail combines FormMail and PGP into a single, secure tool for sending e-mail from web-based forms (such as an order form).

FormMail is a generic WWW form to e-mail gateway, which will parse the results of any form and send them to the specified user. This CGI has many formatting and operational options, most of which can be specified through the form, meaning you don't need any programming knowledge or multiple CGIs for multiple forms. This also makes FormMail the perfect system-wide solution for allowing users form-based user feedback capabilities without the risks of allowing freedom of CGI access.

PGP (Pretty Good Privacy), originally developed by Phil Zimmerman, is a high security cryptographic software application for MSDOS, UNIX, VAX/VMS, and other computers. PGP allows people to exchange files or messages with privacy, authentication, and convenience.

Installation

Connect to your Virtual Private Server via SSH, su to root, and do the following.

  1. Install PGP 5.0.

  2. Install the PGP FormMail software.

    # vinstall pgp5formmail
  3. The command installs two files, pgp5formmail.pl and pgp5formmail.README.txt, into your ~/www/cgi-bin directory.

Configuration

Set the referer information such that only your server will have privileges to use the PGP FormMail CGI. Near the top of the pgp5formmail.pl file you will find the following line:

@referers = ('YOUR-DOMAIN.NAME','YOUR.IP.ADD.RESS');

Substitute your domain name and server IP address for the values YOUR-DOMAIN.NAME and YOUR.IP.ADD.RESS respectively.

Usage

Create a form that you would like the contents mailed to some address. The form should include the following fields (at the very least):

  • recipient = specifies who mail is sent to
  • pgpuserid = specifies your PGP user ID

Other optional fields can also be used to enhance the operation of PGP FormMail for you site, for example:

  • subject = specify the subject included in e-mail sent back to you
  • email = allow the user to specify a return e-mail address
  • realname = allow the user to input their real name
  • redirect = URL of page to redirect to instead of echoing form input
  • required = list of field names that are required input (comma delimited)

Several other fields are supported, please see the pgp5formmail.README document for a complete presentation of the supported fields.

For example, the HTML source for your form may look like this:

<form method="POST" action="/cgi-bin/pgp5formmail.pl">
<input type="hidden" name="recipient" 
       value="order@yourdomain.com">
<input type="hidden" name="pgpuserid" 
       value="YOUR-USER-ID">
<input type="hidden" name="subject" 
       value="Order Request">
<input type="hidden" name="required" 
       value="realname,username,phone">
Please Enter Your Name:<br>
<input name="realname" size="40">
<p>
Please Enter Your Email Address:<br>
<input name="username" size="40">
<p>
Please Enter Your Phone Number:<br>
<input name="phone" size="40">
<p>
.
.
.
<input type="submit" value="Submit">
<input type="reset" value="Reset">
</form>

YOUR-USER-ID is the user ID for your public key. If your user ID contains characters that could be misinterpreted by a web browser, such as '<' and '>', you will want to replace these characters with the proper escape sequences. For example if your user ID is:

John Q. Smith <12345.6789@compuserve.com>

Represent the user ID with the following string (note the &lt; and &gt; escape sequences):

John Q. Smith &lt;12345.6789@compuserve.com&gt;

Please note: the information on this page applies to ITS web hosting plans. It may or may not apply to other environments. If you are looking for a feature described here, or better support from your hosting provider, please consider hosting your site with ITS!

1555 N Naperville/Wheaton Road, Suite 107
Naperville, IL 60563
phone 630.420.2550
fax 630.420.2771