Cgi email problem Options

[bigginge]

A friend took over a company he worked for when the owner retired and I redesigned the site for him, and do updates throughout the year. The contact forms are based on a cgi script which is in its own folder in the web space, and I've never had cause to touch it. A couple of days ago my friend wrote saying he'd stopped receiving emails from the site, including tests he'd sent. He contacted the ISP who repied:

When I went to your website and in contacts tab, with empty form I press submit button I got error message what you can see on attached file, also I check logs on our mail servers and they do not record any e-mail from your domain, I would like to suggest to your web developer revisit code what you have on site, with doable checking if he don't use any function or procedure with one is not longer supported for security reasons and check permissions for files.

The attached file is -


Apart from the rather garbled English I don't really understand what he's saying, having no experience of CGI scripts, plus I can't see why it should have stopped working when I haven't touched anything. Can anyone shed some light on the problem please? The site in question is at Sierra Training

[Christian J]

Has this been fixed yet?

He contacted the ISP who repied:

Did you mean the web host? I'm surprised that an ISP would test a contact form.

The attached file is -

I don't know much about CGI scripts, but that error message sounds like it's checking a referer header and it's not what's expected. This might happen if the form page has been moved, renamed, or if the user has customized (or disabled) the referer headers his browser sends. Perhaps also if the web host has upgraded the server or its components in some way.

The site in question is at Sierra Training

I sent two empty messages from http://www.sierra.co.uk/contact.html one with referer headers enabled and one disabled, and got no error message in either case. Instead I was redirected to http://www.sierra.co.uk/brochure_submission.htm which said "Your enquiry has been sent to Sierra".

BTW, the form calls the javascript function fValidateBooking(this) which I can't find.

[pandy]

He probably does mean a host - which is an ISP.

I've just recently realized this myself. Maybe it's an ESL problem or a Swedish problem. I have thought an ISP is the nice company (ha ha! ) that provides us with internet access, as have you, I assume. But not so. The label seems to apply to every company involved that offers some kind of service that makes the internet and the web possible.

Quoting Wikipedia:

An Internet service provider (ISP) is an organization that provides services for accessing, using, the Internet. Internet service providers may be organized in various forms, such as commercial, community-owned, non-profit, or otherwise privately owned.

Internet services typically provided by ISPs include Internet access, Internet transit, domain name registration, web hosting, Usenet service, and colocation.

https://en.wikipedia.org/wiki/Internet_service_provider

[Christian J]

The label seems to apply to every company involved that offers some kind of service that makes the internet and the web possible.

I guess that makes sense, but I never seen that definition being used in practice. And what should we call Internet access companies if ISP is too broad?

[Christian J]

Seems that the "bad referrer" message is part of the (now ancient) Matt's FormMail: http://www.scriptarchive.com/download.cgi?...p;f=FormMail.pl --it's also found in the improved nms version of the script: http://www.scriptarchive.com/nms.html (if the OP is using Matt's FormMail you might install the nms version instead, for better security).

Regarding the "bad referrer" message I don't know what's causing it, maybe it was something unique with the IPS representative's browser? But if more people get the same error, it seems possible to disable it (at least in the nms script version).

[pandy]

Internetleverantör.

I've seen it used, but as you did I have thought the person who used it used the word wrongly. Mea culpa.

[bigginge]

Thanks for the informative replies. We got this reply from the ISP:
'I think I can now tell you what the problem is. When using your form you should not set the form to use the submitters email address you should have your own address set so mail is always being sent from an address you manage e.g. info@sierra.uk if the submitters domain has an SPF record thin this could cause the mail to not be sent as the SPF would specify the servers that are allowed to send mail for that domain, this also applies with our systems, if you do check on the logs you will see that the mail is not sent due to the senders domain, see logs below.

For the moment I have put a fix in place but I would recommend getting your forms updated to use some code that is current, as previously detailed the code you are using dates back to 1996, you may want to look at getting a new version of the script or converting to php.'

I think, though you may correct me, that updated security systems were picking up on an old problem.
I was chatting to a fellow guitarist at a gig last night and it turns out he does coding, php etc., for a living so he's going to help us update the script.

Thanks again for all your interest.