On Fri, 8 Sep 2006, Bryan Irvine wrote:

> I have a piece of code that doesn't seem to work.  It compiles and
> even executes fine but the email never goes anywhere.
> 
> maillog doesn't even show anything trying. Apache is not running chrooted.
> 
>       #define SENDMAIL_PATH "/usr/sbin/sendmail -t"
>       #define RECIPIENT "[EMAIL PROTECTED]"
>       #define SENDER "[EMAIL PROTECTED]"

Note subtle changes made from your original.

>       FILE *mail;
>       char sendmail[512];
>               sprintf(sendmail, "%s %s", SENDMAIL_PATH, RECIPIENT);

use snprintf here, this is exactly the sort of code that some joker
will try to do a buffer overflow on.

>               mail = popen(sendmail, "w");

Check return from popen.  Abort if NULL.  As in:

                if(!(mail=popen(sendmail, "w")))
                        err(1, NULL);           /* man 3 err */

You might want to add
                fflush(stdin);  /* man 3 popen, under "BUGS" */
and
                fprintf(mail, "To: %s\n", RECIPIENT);

here.  Sendmail -t does not generate this header, and without it
aggressive spam blockers might can the message.

From man 8 sendmail:

     -t          Read message for recipients.  To:, Cc:, and Bcc: lines will
                 be scanned for recipient addresses.  The Bcc: line will be
                 deleted before transmission.

You may not need the recipient in the invocation of sendmail.  (You don't).


>               fprintf(mail, "From: %s\n", SENDER);
>               fprintf(mail, "Subject: test email.\n");
>               fprintf(mail, "\n");
>               fprintf(mail, "blah\n");
>               pclose(mail);

                if(pclose(mail))
                        err(2, NULL);
> 
>       also worth noting that I'm a terrible C programmer.  It's possible
> that elsewhere I have a bug, but I just want to eliminate whether www
> can even execute sendmail.
> 
> --Bryan

If apache is not chrooted, it should run this.  

Login as www (or however apache runs) and try it from the command
line, then from a standalone small program.  You will have to make
www a log-in-able user with vipw first.

-- 
Experience runs an expensive school, but fools will learn in no other.
                       -- Benjamin Franklin

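The checks suggested in the reply above (bounded snprintf, popen and pclose return values, an explicit To: header), put together in one function as an added example that is not code from either poster. Assumptions: the names build_cmd, send_mail and clean are hypothetical, the CR/LF check and the SIGPIPE handling go beyond what the thread discusses, and `cat >/dev/null` stands in for sendmail so the program runs without a mailer.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>

/* Header values must not contain CR/LF, or a caller-supplied address could
   add extra header lines (a check added here, not raised in the thread). */
static int clean(const char *s) { return s && !strpbrk(s, "\r\n"); }

/* Bounded replacement for the thread's sprintf(): 0 on success, -1 if the
   command would not fit in buf (snprintf returns the length it needed). */
int build_cmd(char *buf, size_t len, const char *path, const char *flags)
{
    int n = snprintf(buf, len, "%s %s", path, flags);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* Pipe one message into cmd. Returns 0 only if the mailer exited with
   status 0; -1 on bad input, popen/write failure, or a non-zero exit. */
int send_mail(const char *cmd, const char *to, const char *from,
              const char *subject, const char *body)
{
    FILE *mail;
    int werr, st;

    if (!clean(to) || !clean(from) || !clean(subject) || !body)
        return -1;
    signal(SIGPIPE, SIG_IGN);  /* early mailer exit: write error, not a kill */
    fflush(stdout);            /* avoid intermingled output (man 3 popen) */
    if (!(mail = popen(cmd, "w")))
        return -1;
    fprintf(mail, "To: %s\nFrom: %s\nSubject: %s\n\n%s\n",
            to, from, subject, body);
    werr = ferror(mail);
    st = pclose(mail);         /* wait status of the shell, or -1 */
    if (werr || st == -1 || !WIFEXITED(st) || WEXITSTATUS(st) != 0)
        return -1;
    return 0;
}

int main(void)
{
    char cmd[512];
    /* Constructed values; real use: build_cmd(..., "/usr/sbin/sendmail", "-t") */
    if (build_cmd(cmd, sizeof cmd, "cat", ">/dev/null") != 0)
        return 1;
    return send_mail(cmd, "a@example.org", "b@example.org", "test", "blah") ? 2 : 0;
}
```

Because popen runs the command through the shell, a missing or non-executable mailer shows up as exit status 127 from pclose rather than as a NULL return from popen, which is why the exit status is checked as well.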