Update of /cvsroot/tmda/tmda-cgi/htdocs
In directory sc8-pr-cvs1:/tmp/cvs-serv31562
Added Files:
tmda-cgi.ht tmda-cgi.html
Log Message:
Moving documentation. Will have to update it shortly.
--- NEW FILE ---
Title: tmda-cgi HOWTO
<h1>tmda-cgi (contributed by <a href="mailto:[EMAIL PROTECTED]">Gre7g
Luterman</a>)</h1>
<p><a href="#What">What is it?</a><br>
<a href="#Screen">Screenshots</a> <br>
<a href="#Require">Requirements</a><br>
<a href="#Blame">Credit/blame</a><br>
<a href="#Install">Installation</a><br>
<a href="#SystemWide">System-wide mode</a><br>
<a href="#SingleUser">Single-user mode</a><br>
<a href="#nosu">no-su mode</a><br>
<a href="#nosuExample">Centralized
no-su setup</a><br>
<a href="#Pass">Passwords</a><br>
<a href="#Virtual">Virtual users</a><br>
<a href="#Config">Configuration</a><br>
<a href="#Surprise">Surprises & gotcha's</a><br>
<a href="#Template">Templates (URL confirmation)</a></p>
<hr>
<h2><a name="What"></a>What is it?</h2>
<p>tmda-cgi is an alpha-release program for managing your
TMDA account over the web. At the time of this writing, tmda-cgi
can:</p>
<ul>
<li>Page through lists of pending e-mail (mail received by your MTA, but still
awaiting confirmation)
<li>View the text content (and see what sorts of attachments are included) in
any of your pending e-mails
<li>Release (move into your mail folder as if a confirmation had been received)
any of your pending e-mails.
<li>Delete any pending e-mail
<li>Whitelist or blacklist the author of any pending e-mails.
</ul>
<p>At the moment, tmda-cgi's focus is clearly manipulating pending e-mails. At
some point, I would like tmda-cgi to become more of a general system tool. Features
I hope to add soon include:</p>
<ul>
<li>Filter configuration</li>
<li>List editing</li>
<li>Automated clean-ups of pending e-mails</li>
<li>E-mail address generation (keyword, dated, or sender)</li>
</ul>
<p>tmda-cgi provides quick and easy access to your pending e-mails. This is an
ideal tool for users who either do not have access to a shell account or are
intimidated by operating in a command-line environment.</p>
<p>Although TMDA users do not generally need to mess with their pending e-mails,
there are times when this is the most convenient way to go. For instance:</p>
<ul>
<li>When you use a web site that says it will automatically mail you a password,
authentication link, or a receipt for a transaction you are making right now,
but you're not interested in any follow-up e-mail they will likely send you
in the future (and you don't feel like generating a dated address).
<p> Simply fill out the web form like you normally would and give your regular,
filtered e-mail address. The web site will send the e-mail to your mail
server, and your mail server will send a confirmation request back to the
web site (which will most likely never be seen by a human being). Then log
into tmda-cgi and manually release their letter. Any further mail they send
you will sit quietly in your pending directory like the one you released.
</li>
<li>To search your incoming mail for automated mailings you want to receive.
<p> Using tmda-cgi regularly for a few weeks or months after you begin filtering
your e-mail is a good way to make sure your filters are configured correctly.
<li>
<p>To look for "lost" e-mail.
<p> It's really rare that e-mail will get lost, but it's bound to happen
sometimes.
Perhaps Aunt Margaret can't figure out what the confirmation e-mail meant
(even though it is written in a very obvious way). Perhaps your boss was
in a hurry and deleted the confirmation request thinking
<em><strong>it</strong></em>
was spam (or perhaps he has a really crappy spam filter that mistook the
confirmation for spam). Perhaps Grandpa Joe sent you some e-mail from someone
else's e-mail account and they deleted the confirmation request, not realizing
what it was.
<li>
<p>To remind you <em><strong>why</strong></em> you got TMDA in the first place.
<p> "Wow, I would have gotten 100 e-mails about Viagara, cheap cigarettes,
weight loss drugs, penis enlargement, and Nigerian swindles today! Now I
remember why the rest of my family thinks that e-mail is a pain."
</ul>
<hr>
<h2><a name="Screen" id="Screen"></a>Screenshots</h2>
<p><b><i>Note:</i></b> You may find the default colors ugly. Those can be changed
by modifying the CSS file.</p>
<p><a href="http://tmda.sourceforge.net/screenshots/login.png";
target="_blank">Login</a></p>
<p><a href="http://tmda.sourceforge.net/screenshots/pending.png"; target="_blank">Index
of pending e-mails (whitelist & blacklist options enabled)</a></p>
<p><a href="http://tmda.sourceforge.net/screenshots/view1.png"; target="_blank">View
the contents of a pending e-mail with attachements</a></p>
<p><a href="http://tmda.sourceforge.net/screenshots/confirm.png";
target="_blank">Optional
Javascript confirmation when deleting or blacklisting</a></p>
<p><a href="http://tmda.sourceforge.net/screenshots/view2.png"; target="_blank">Show
all headers mode when viewing an e-mail</a></p>
<p><a href="http://tmda.sourceforge.net/screenshots/confirmed.png"; target="_blank">URL
confirmation
feedback</a></p>
<hr>
<h2><a name="Require"></a>Requirements</h2>
<p>TBD. Until we do more testing it isn't clear what systems have problems with
tmda-cgi.</p>
<hr>
<h2><a name="Blame" id="Blame"></a>Credit/blame</h2>
<p>As already mentioned, this is contributed software at an alpha-level release.
That means:</p>
<ul>
<li>Use at your own risk.
<p>That's true of all software in general, but we're telling you up front
that not a lot of people have tested or analyzed the code yet. If it goes
awry or opens a security hole on your machine, I won't drop dead from the
shock.</p>
</li>
<li>tmda-cgi was written by <a href="mailto:[EMAIL PROTECTED]">Gre7g Luterman</a>,
with support from Jason R. Mastaler, David Guerizec, Tim Legant, and others on
the TMDA lists.
</li>
</ul>
<hr>
<h2><a name="Install"></a>Installation</h2>
<p>tmda-cgi is provided in your distribution's <tt>contrib/cgi</tt> directory.</p>
<p>Once you've obtained a copy of tmda-cgi, you need to decide how you want to
use tmda-cgi. tmda-cgi has been designed to run three different ways: system-wide,
single-user, and in no-su modes.</p>
<ul>
<li>In system-wide mode, multiple users can use tmda-cgi to access their TMDA
system. The program launches as root and then performs a <tt>seteuid</tt>
to run as the requested user once password authentication has been accomplished.
This is the best solution for system administrators who wish to set up their
TMDA system for use by multiple users.<br>
</li>
<li>In single-user mode, only one user can access tmda-cgi. That user will still
need to authenticate their access with a password, but the program runs as
the user who compiled it and therefore cannot access anyone else's personal
data. If multiple users wish to install tmda-cgi in single-user mode (strange,
but not absurd) then each user can compile a different 14k shell that launches
the Python code. This method is less convenient than the system-wide installation,
but it is the best solution for users without root access to their server,
or for users who don't trust any program running as root that does not absolutely
have to run as root.<br>
</li>
<li>no-su mode, which is in testing, runs the program with no special privileges
of any sort. The downside of such an installation is that to allow the program
access to your personal files (such as pending e-mails) you will have to make
some of your files and directories group or world readable and writable. no-su
mode is a good solution for an unusual breed of user: someone who doesn't
trust the software, but trusts the other users on the server (since they could
get read/write access to his/er pending e-mail)</li>
</ul>
<p><b><i>Notes:</i></b></p>
<ul>
<li>tmda-cgi assumes it will run from within the source tree. No testing has
been done to date to see if it will work in other locations.<br>
</li>
<li>You will have to recompile tmda-cgi if you move your configuration files,
supplimental display files (icons and style sheet), or source tree.<br>
</li>
<li>You will have to recompile tmda-cgi if you change which mode (system-wide,
single-user, or no-su) you run in.</li>
</ul>
<h3><a name="SystemWide"></a>Installing system-wide</h3>
<p>As root, change to the cgi directory.</p>
<blockquote>
<pre># cd contrib/cgi</pre>
</blockquote>
<p>Compile tmda-cgi to a web directory that is configured to execute CGI. The
filename you use is completely up to you. For example:</p>
<blockquote>
<pre># ./compile -t /path/to/cgi-bin/directory</pre>
</blockquote>
<p> or</p>
<blockquote>
<pre># ./compile -t /path/to/webpage/directory/index.cgi</pre>
</blockquote>
<p>Finally, tmda-cgi expects to find a variety of visual elements in web directory
<tt>../display/</tt>, relative to the CGI itself. The location of this directory
may be changed with <tt>compile</tt>'s <tt>-d</tt> flag. Sample files are provided
in <tt>contrib/cgi/display</tt>. Feel free to use these files as-is or
modify/replace
them to personalize the program.</p>
<p>The simplest way to provide this directory is with a symbolic link (assuming
you have you web server configured to follow symbolic links). For example:</p>
<blockquote>
<pre># ln -s display /path/to/webpage/directory</pre>
</blockquote>
<h3><a name="SingleUser"></a>Installing single-user</h3>
<p>As the (only) user who will be able to access tmda-cgi, change to the cgi
directory.</p>
<blockquote>
<pre>$ cd contrib/cgi</pre>
</blockquote>
<p>Compile tmda-cgi to a web directory that is configured to execute CGI. The
filename you use is completely up to you. For example:</p>
<blockquote>
<pre>$ ./compile -t /path/to/cgi-bin/directory</pre>
</blockquote>
<p>or</p>
<blockquote>
<pre>$ ./compile -t /path/to/webpage/directory/index.cgi</pre>
</blockquote>
<p>Finally, tmda-cgi expects to find a variety of visual elements in web directory
<tt>../display/</tt>, relative to the CGI itself. The location of this directory
may be changed with <tt>compile</tt>'s <tt>-d</tt> flag. Sample files are provided
in <tt>contrib/cgi/display</tt>. Feel free to use these files as-is or
modify/replace
them to personalize the program.</p>
<p>The simplest way to provide this directory is with a symbolic link (assuming
you have you web server configured to follow symbolic links). For example:</p>
<blockquote>
<pre>$ ln -s display /path/to/webpage/directory</pre>
</blockquote>
<h3><a name="nosu"></a>Installing no-su</h3>
<p>To compile tmda-cgi for no-su mode, first change to the cgi directory.</p>
<blockquote>
<pre>$ cd contrib/cgi</pre>
</blockquote>
<p>Compile tmda-cgi to a web directory that is configured to execute CGI. The
filename you use is completely up to you. For example:</p>
<blockquote>
<pre>$ ./compile -nt /path/to/cgi-bin/directory</pre>
</blockquote>
<p> or</p>
<blockquote>
<pre>$ ./compile -nt /path/to/webpage/directory/index.cgi</pre>
</blockquote>
<p> tmda-cgi expects to find a variety of visual elements in web directory
<tt>../display/</tt>,
relative to the CGI itself. The location of this directory may be changed with
<tt>compile</tt>'s <tt>-d</tt> flag. Sample files are provided in
<tt>contrib/cgi/display</tt>.
Feel free to use these files as-is or modify/replace them to personalize the
program.</p>
<p>The simplest way to provide this directory is with a symbolic link (assuming
you have you web server configured to follow symbolic links). For example:</p>
<blockquote>
<pre>$ ln -s display /path/to/webpage/directory</pre>
</blockquote>
<p>At this point you will have to change permissions on any existing pending mail
and add something akin to:</p>
<blockquote>
<pre>os.umask(027)</pre>
</blockquote>
<p>to your configuration file. That will make sure that future pending e-mails
are written such that they can be read by group members (i.e. the CGI).</p>
<h4><a name="nosuExample"></a>Centralized no-su setup</h4>
<p>If you multiple users plan on using tmda-cgi in no-su mode, then you might
consider moving all of your TMDA files into one central location. This will
make it easier to keep group permissions on your directories and files. Here's
some sample directories and file contents I set up for my user <tt>cgitest</tt>:</p>
<blockquote> <tt>/etc:</tt>
<table>
<tr>
<td width="600" bgcolor="#CCCCCC"><tt>-rw-r--r-- 1 root
root 22 Nov 24 23:54 tmda-cgi<br>
-rw-r--r-- 1 root root
557 Nov 27 15:05 tmdarc<br>
-rw------- 1 tofmipd tofmipd 49 Nov 10
11:02 tofmipd</tt></td>
</tr>
</table><br>
<tt>/var:</tt>
<table>
<tr>
<td width="600" bgcolor="#CCCCCC"><tt>drwxr-s--x 3 root
nobody 72 Nov 27 11:24 tmda</tt></td>
</tr>
</table><br>
<tt>/var/tmda:</tt>
<table>
<tr>
<td width="600" bgcolor="#CCCCCC"><tt>drwx--s--- 6 cgitest
nobody 200 Nov 27 11:39 cgitest</tt></td>
</tr>
</table><br>
<tt>/var/tmda/cgitest:</tt>
<table>
<tr>
<td width="600" bgcolor="#CCCCCC"><tt>-rw-r----- 1 cgitest
nobody 0 Nov 27 11:39 config<br>
-rw-r----- 1 cgitest nobody 41 Nov 27
11:39 crypt_key<br>
drwx--s--- 2 cgitest nobody 96 Nov 27
12:55 filters<br>
drwx--s--- 2 cgitest nobody 144 Nov 27
12:59 lists<br>
drwx--s--- 2 cgitest nobody 120 Nov 27
12:57 logs<br>
drwxrws--- 2 cgitest nobody 48 Nov 27
11:37 pending<br>
drwx--s--- 2 cgitest nobody 768 Nov 29
09:54 responses<br>
drwxr-sr-x 2 cgitest nobody 200 Dec
6 20:33 templates</tt></td>
</tr>
</table><br>
<tt>/var/tmda/cgitest/filters:</tt>
<table>
<tr>
<td width="600" bgcolor="#CCCCCC"><tt>-rw-rw---- 1 cgitest
nobody 153 Nov 27 12:54 incoming<br>
-rw-rw---- 1 cgitest nobody 150 Nov 27
12:55 outgoing</tt></td>
</tr>
</table><br>
<tt>/var/tmda/cgitest/lists:</tt>
<table>
<tr>
<td width="600" bgcolor="#CCCCCC"><tt>-rw-rw---- 1 cgitest
nobody 0 Nov 27 12:59 blacklist<br>
-rw-rw---- 1 cgitest nobody 0 Nov
27 12:59 confirmed<br>
-rw-rw---- 1 cgitest nobody 0 Nov
27 12:59 whitelist</tt></td>
</tr>
</table><br>
<tt>/var/tmda/cgitest/logs:</tt>
<table>
<tr>
<td width="600" bgcolor="#CCCCCC"><tt>-rw-r----- 1 cgitest
nobody 0 Nov 27 12:57 debug<br>
-rw-r----- 1 cgitest nobody 0 Nov
27 12:57 in<br>
-rw-r----- 1 cgitest nobody 0 Nov
27 12:57 out</tt></td>
</tr>
</table><br>
<tt>/var/tmda/cgitest/templates:</tt>
<table>
<tr>
<td width="600" bgcolor="#CCCCCC"><tt>-rw-r--r-- 1 cgitest
nobody 407 Dec 6 20:30 bounce.txt<br>
-rw-r--r-- 1 cgitest nobody 215 Dec
6 20:30 confirm_accept.txt<br>
-rw-r--r-- 1 cgitest nobody 702 Dec
6 20:33 confirm_request.txt</tt></td>
</tr>
</table><br>
<tt>/etc/tmda-cgi:</tt>
<table>
<tr>
<td width="600" bgcolor="#CCCCCC"><tt>cgitest:XPkY0q/9Uge9I</tt></td>
</tr>
</table><br>
<tt>/var/tmda/cgitest/filters/incoming:</tt>
<table>
<tr>
<td width="600" bgcolor="#CCCCCC"><tt>from-file
/var/tmda/cgitest/lists/blacklist reject<br>
from-file /var/tmda/cgitest/lists/whitelist accept<br>
from-file /var/tmda/cgitest/lists/confirmed accept</tt></td>
</tr>
</table><br>
<tt>/var/tmda/cgitest/filters/outgoing:</tt>
<table>
<tr>
<td width="600" bgcolor="#CCCCCC"><tt>to-file /var/tmda/cgitest/lists/whitelist
tag envelope dated=10d from bare<br>
to-file /var/tmda/cgitest/lists/confirmed tag envelope dated=10d from bare</tt></td>
</tr>
</table><br>
<tt>/var/tmda/cgitest/templates/confirm_request.txt:</tt>
<table>
<tr>
<td width="600" bgcolor="#CCCCCC"><tt>From.US-ASCII: "%(FULLNAME)s"
<%(recipient_address)s><br>
Subject.US-ASCII: Please confirm your message<br>
Reply-To.US-ASCII: %(confirm_accept_address)s<br>
BodyCharset: US-ASCII<br>
<br>
This message was created automatically by mail delivery software<br>
(TMDA).<br>
<br>
Your message attached below is being held because the address<br>
<%(confirm_append_address)s> has not been verified.<br>
<br>
To release your message for delivery, please send an empty message<br>
to the following address, surf the following link, or use your<br>
mailer's "Reply" feature.<br>
<br>
%(confirm_accept_address)s<br>
<br>
%(confirm_accept_url)s<br>
<br>
This confirmation verifies that your message is legitimate and not<br>
junk-mail. You should only have to confirm your address once.</tt></td>
</tr>
</table><br>
<tt>/etc/tmdarc:</tt>
<table>
<tr>
<td width="600" bgcolor="#CCCCCC"><tt>import Util<br>
<br>
# Allow group access to critical files<br>
ALLOW_MODE_640 = 1<br>
os.umask(0027)<br>
<br>
# Locate important files and directories<br>
DATADIR = "/var/tmda/%s/" % os.environ["USER"]<br>
CONFIRM_APPEND = DATADIR +
"lists/confirmed"<br>
FILTER_INCOMING = DATADIR + "filters/incoming"<br>
FILTER_OUTGOING = DATADIR + "filters/outgoing"<br>
LOGFILE_DEBUG = DATADIR + "logs/debug"<br>
LOGFILE_INCOMING = DATADIR + "logs/in"<br>
LOGFILE_OUTGOING = DATADIR + "logs/out"<br>
PENDING_BLACKLIST_APPEND = DATADIR + "lists/blacklist"<br>
PENDING_WHITELIST_APPEND = DATADIR + "lists/whitelist"<br>
TEMPLATE_DIR = DATADIR + "templates/"<br>
<br>
# CGI location<br>
CGI_URL = "http://wolfhome.com/~cgitest/index2.cgi";<br>
<br>
# Define X-Primary-Address key for TMDA-to-TMDA communications<br>
ADDED_HEADERS_CLIENT = { "X-Primary-Address": "[EMAIL PROTECTED]" % \<br>
(os.environ["USER"], Util.gethostname()) }</tt></td>
</tr>
</table><br>
<tt>~cgitest/.qmail:</tt>
<table>
<tr>
<td width="600" bgcolor="#CCCCCC"><tt>|preline /usr/src/tmda/bin/tmda-filter -c
/var/tmda/cgitest/config<br>
./Maildir/</tt></td>
</tr>
</table>
</blockquote>
<p>tmda-cgi was compiled with the following:</p>
<blockquote>
<pre>./compile -nc /var/tmda/~/config -t /www/tmda.cgi</pre>
</blockquote>
<p>Use the <tt>./compile -h</tt> for more details on how to use compile.</p>
<hr>
<h2><a name="Pass"></a>Passwords</h2>
<p>tmda-cgi currently authenticate logins against user name & password pairs
stored in a password file (or files). tmda-cgi will look in two different places
for password file(s), but it (they) must be readable by the CGI.</p>
<p>If you are running in system-wide mode, the password file can be owned by root.
If you are running in single-user mode, the password file can be owned by the
user who will be running the CGI. If you are running in no-su mode, the file
must either be owned by "nobody" (or whatever user your web server
is configured to run as) or made globally readable See the table below for a
better breakdown of your options.</p>
<p>tmda-cgi first checks for a readable file called <tt>tmda-cgi</tt> in the same
directory as the user's configuration file (if that location has been specified,
otherwise it will look in <tt>~user/.tmda/tmda-cgi</tt>). It then tries
<tt>/etc/tmda-cgi</tt>
if it can't find a match or cannot read the file. This allows the system
administrator
to keep a list of access passwords while allowing the user to override what
the sysadmin has set.</p>
<table border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="35"> </td>
<td width="10"> </td>
<td> </td>
<td width="10"> </td>
<td colspan="2" align="center" nowrap
bgcolor="#FFFFCC"><tt>~user/.tmda/tmda-cgi</tt></td>
<td width="10" align="center" nowrap> </td>
<td colspan="2" align="center" nowrap bgcolor="#FFFFCC"><tt>/etc/tmda-cgi</tt></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
<td width="80" align="center" bgcolor="#FFFFCC">owner</td>
<td width="90" align="center" bgcolor="#FFFFCC">permissions</td>
<td align="center"> </td>
<td width="80" align="center" bgcolor="#FFFFCC">owner</td>
<td width="90" align="center" bgcolor="#FFFFCC">permissions</td>
</tr>
<tr>
<td> </td>
<td bgcolor="#CCFFFF"> </td>
<td bgcolor="#CCFFFF">system-wide</td>
<td bgcolor="#CCFFFF"> </td>
<td align="center" bgcolor="#CCFFCC">user</td>
<td align="center" bgcolor="#CCFFCC">600</td>
<td align="center" bgcolor="#CCFFFF"> </td>
<td align="center" bgcolor="#CCFFCC">root</td>
<td align="center" bgcolor="#CCFFCC">600</td>
</tr>
<tr>
<td> </td>
<td> </td>
<td>single-user</td>
<td> </td>
<td align="center" bgcolor="#FFFFCC">user</td>
<td align="center" bgcolor="#FFFFCC">600</td>
<td align="center"> </td>
<td colspan="2" align="center" bgcolor="#FFFFCC">n/a</td>
</tr>
<tr>
<td> </td>
<td bgcolor="#CCFFFF"> </td>
<td bgcolor="#CCFFFF">no-su</td>
<td bgcolor="#CCFFFF"> </td>
<td align="center" bgcolor="#CCFFCC">user</td>
<td align="center" bgcolor="#CCFFCC">644</td>
<td align="center" bgcolor="#CCFFFF"> </td>
<td align="center" bgcolor="#CCFFCC">root<br>
nobody </td>
<td align="center" bgcolor="#CCFFCC">644<br>
600 </td>
</tr>
<tr>
<td> </td>
<td colspan="8" align="center">File owner & permission options</td>
</tr>
</table>
<p>The password file for tmda-cgi is formatted in much the same way as the password
file for tofmipd. In fact, if you are using a password file with tofmipd and
you wish to run tmda-cgi in system-wide mode, feel free to make a symbolic link
between the two:</p>
<blockquote>
<pre> # ln -s /etc/tofmipd /etc/tmda-cgi</pre>
</blockquote>
<p>Password files for tmda-cgi look like:</p>
<blockquote>
<pre><user1>:<password1>
<user2>:<password2></pre>
</blockquote>
<p>where each item in <tt><></tt> is replaced with text.</p>
<p>The difference between this password file and the one for tofmipd is that the
file does not need to have <br>
permissions of 400 or 600. If you, for example, are running in no-su mode, you
will have to make your password file group or world readable.</p>
<p>To keep the passwords secure, tmda-cgi will assume all passwords are DES encrypted
if the file permissions are anything other than 400 or 600. Plaintext passwords
will <i><b>not</b></i> work in such cases.</p>
<p>Additionally, any entry with a blank password field, such as:</p>
<blockquote>
<pre>cantlogin:</pre>
</blockquote>
<p>will be prohibited from login, regardless of the file permissions.</p>
<p><tt>contrib/cgi/genpass.py</tt> is provided for encrypted password generation.
Output from <tt>genpass.py</tt> can be safely piped with <tt>></tt> or
<tt>>></tt>
into a password file. For example:</p>
<blockquote>
<pre># contrib/cgi/genpass.py joe >> /etc/tmda-cgi</pre>
</blockquote>
<p> or</p>
<blockquote>
<pre>$ contrib/cgi/genpass.py joe > /home/joe/.tmda/tmda-cgi</pre>
</blockquote>
<p>If you encounter difficulties logging in, the problem may be a result of incorrect
permissions on your password file(s). To debug this, append a <tt>?debug=1</tt>
onto the end of your CGI URL. This will display some diagnostic information
if the login fails instead of simply saying "Wrong password. Try
again."</p>
<hr>
<h2><a name="Virtual" id="Virtual"></a>Virtual users</h2>
<p>Although planned for future releases, there is no support for virtual users
at this time. Each user who plans to use tmda-cgi must have a login record in
<tt>/etc/passwd</tt>.</p>
<hr>
<h2><a name="Config"></a>Configuration</h2>
<p>tmda-cgi is configured by a set of parameters in your configuration file(s).
All tmda-cgi configuration variables begin with a "<tt>CGI_</tt>"
and are described on the <a href="config-vars.html">Configuration Variables</a>
page.</p>
<p><em><strong>Note:</strong></em> If you change nothing else, you will have to
at least set the value for <a
href="config-vars.html#CGI_ACTIVE"><tt>CGI_ACTIVE</tt></a>.</p>
<hr>
<h2><a name="Surprise" id="Surprise"></a>Surprises & gotcha's</h2>
<p>This section of the documentation is reserved for functionality and quirks
that, although not erroneous, may not be what you expect. Check this list for
help if you experience problems with tmda-cgi.</p>
<ol>
<li>tmda-cgi's whitelist feature does not update the list pointed to by
configuration
variable <tt><a
href="/config-vars.html#CONFIRM_APPEND">CONFIRM_APPEND</a></tt><tt>.</tt>
<p>tmda-cgi uses configuration variable <a
href="/config-vars.html#PENDING_WHITELIST_APPEND"><tt>PENDING_WHITELIST_APPEND</tt></a>
instead of <tt><a
href="/config-vars.html#CONFIRM_APPEND">CONFIRM_APPEND</a>.</tt>
To use the whitelist feature, you must set <a
href="/config-vars.html#PENDING_WHITELIST_APPEND"><tt>PENDING_WHITELIST_APPEND</tt></a>
to a list that is handled by your incoming filter.<p></li>
<li>TMDA requires Python version 2.1 but some flavors of Linux (such as <a
href="http://redhat.com";>RedHat</a>)
come with two different versions of Python installed, one older and one newer.
<p>If tmda-cgi tries to run using the wrong version of Python, then you must
specify the correct version at compile time. Instead of typing:
<blockquote>
<pre>$ ./compile <options></pre>
</blockquote>
<p>Type:</p>
<blockquote>
<pre>$ /usr/bin/python2 compile <options></pre>
</blockquote>
<p>(Assuming that your Python 2.1+ can be found at <tt>/usr/bin/python2</tt>.)
The compiler will save the correct version of the Python interpreter and
use it when tmda-cgi is run.</p>
</li>
</ol>
<hr>
<h2><a name="Template" id="Template"></a>Templates</h2>
<p>By supplying your own templates (see the <a href="howto-template.html">Template
HOWTO</a> for more on customizing your templates) you can use tmda-cgi's URL
confirmation feature. This allows you to specify a URL in your confirmation
e-mail as an alternative to confirming by e-mail.</p>
<p>To supply a confirmation URL, simply use the <tt>%(confirm_accept_url)s</tt>
variable in <tt>confirm_request.txt</tt> as shown in <a
href="#nosuExample">Centralized
no-su setup</a>.</p>
<p><em><strong>Notes:</strong></em></p>
<ul>
<li>Be sure you set <a href="config-vars.html#CGI_ACTIVE"><tt>CGI_ACTIVE</tt></a>,
<a href="config-vars.html#CGI_URL"><tt>CGI_URL</tt></a>, and <a
href="config-vars.html#TEMPLATE_DIR"><tt>TEMPLATE_DIR</tt></a>
before modifying your template! No confirmation e-mails will be sent if you
specify a <tt>%(confirm_accept_url)</tt> until these variables are properly
configured.<br>
</li>
<li>Always test your configuration after making a change to your templates.<br>
</li>
<li>Your crypt_key file must be readible by tmda-cgi to use this feature.
<p>This is not and issue if you are running in system-wide orf single-user
modes, but in no-su mode, you will have to:</p>
</li>
<ul>
<li>Put crypt_key in the CGI's group.</li>
<li>Assign crypt_key 640 permissions.</li>
<li>Turn on <a href="config-vars.html#ALLOW_MODE_640">ALLOW_MODE_640</a>.<br>
</li>
</ul>
</ul>
--- NEW FILE ---
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<!-- THIS PAGE IS AUTOMATICALLY GENERATED. DO NOT EDIT. -->
<!-- Mon Mar 17 16:18:15 2003 -->
<!-- USING HT2HTML 2.0 -->
<!-- SEE http://ht2html.sf.net -->
<!-- User-specified headers:
Title: tmda-cgi HOWTO
-->
<head>
<title>tmda-cgi HOWTO</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="generator" content="HT2HTML/2.0">
<style type="text/css">
body { margin: 0px; }
</style>
</head>
<body bgcolor="#ffffff" text="#000000"
marginwidth="0" marginheight="0"
link="#0000bb" vlink="#551a8b"
alink="#ff0000">
<!-- start of page table -->
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<!-- start of banner row -->
<tr>
<!-- start of corner cells -->
<td width="150" valign="middle" bgcolor="#afeeee" class="corner">
<center><font size="+2"
>>>> TMDA </font></center> </td>
<td width="15" bgcolor="#cccccc"> </td><!--spacer-->
<!-- end of corner cells -->
<!-- start of banner -->
<td width="90%" bgcolor="#cccccc" class="banner">
<!-- start of site links table -->
<table width="100%" border="0"
CELLSPACING=0 CELLPADDING=0
bgcolor="#ffffff">
<tr>
<td bgcolor="#cccccc">
<a href="./index.html">TMDA Homepage</a><br>[ <a
href="http://www.au.tmda.net/";>AU</a> | <a href="http://www.us.tmda.net/";>US</a>
mirror ]
</td>
<td bgcolor="#cccccc">
<a href="http://sourceforge.net/projects/tmda";>TMDA @ SourceForge</a>
</td>
<td bgcolor="#cccccc">
</td>
<td bgcolor="#cccccc">
</td>
</tr>
</table><!-- end of site links table -->
</td><!-- end of banner -->
</tr><!-- end of banner row -->
<tr><!-- start of sidebar/body row -->
<!-- start of sidebar cells -->
<td width="150" valign="top" bgcolor="#cccccc" class="sidebar">
<!-- start of sidebar table -->
<table width="100%" border="0" cellspacing="0" cellpadding="3"
bgcolor="#ffffff">
<tr><td bgcolor="#191970"><b><font color="#ffffff">
Overview
</font></b></td></tr>
<tr><td bgcolor="#cccccc">
<a href="index.html">Introduction</a>
</td></tr>
<tr><td bgcolor="#cccccc">
<a href="history.html">History</a>
</td></tr>
<tr><td bgcolor="#cccccc">
<a href="features.html">Features</a>
</td></tr>
<tr><td bgcolor="#cccccc">
<a href="results.html">Results & Testimonials</a>
</td></tr>
<tr><td bgcolor="#cccccc">
<a href="inuse.html">TMDA In Use</a>
</td></tr>
<tr><td bgcolor="#cccccc">
<a href="press.html">Press Coverage</a><!-- -*- html -*- -->
</td></tr>
<tr><td bgcolor="#cccccc">
<tr><td bgcolor="#191970"><b><font color="#ffffff">
Install
</font></b></td></tr>
<tr><td bgcolor="#cccccc">
<a href="requirements.html">Requirements</a>
</td></tr>
<tr><td bgcolor="#cccccc">
<a href="download.html">Download</a>
</td></tr>
<tr><td bgcolor="#cccccc">
<a href="install.html">Installation</a>
</td></tr>
<tr><td bgcolor="#cccccc">
<tr><td bgcolor="#191970"><b><font color="#ffffff">
Configuration
</font></b></td></tr>
<tr><td bgcolor="#cccccc">
<a href="config.html">Overview</a>
</td></tr>
<tr><td bgcolor="#cccccc">
<a href="config-pre.html">Pre-Configuration</a>
</td></tr>
<tr><td bgcolor="#cccccc">
<a href="config-server.html">Server Configuration</a>
</td></tr>
<tr><td bgcolor="#cccccc">
<a href="config-client.html">Client Configuration</a>
</td></tr>
<tr><td bgcolor="#cccccc">
<a href="config-vars.html">Configuration Variables</a>
</td></tr>
<tr><td bgcolor="#cccccc">
<a href="config-filter.html">Filter Specification</a>
</td></tr>
<tr><td bgcolor="#cccccc">
<a href="filter-sources.html">Filter Sources</a>
</td></tr>
<tr><td bgcolor="#cccccc">
<tr><td bgcolor="#191970"><b><font color="#ffffff">
HOWTOs
</font></b></td></tr>
<tr><td bgcolor="#cccccc">
<a href="howtos.html">Overview</a>
</td></tr>
<tr><td bgcolor="#cccccc">
<a href="howto-template.html">Templates</a>
</td></tr>
<tr><td bgcolor="#cccccc">
<a href="tmda-ofmipd.html">tmda-ofmipd</a>
</td></tr>
<tr><td bgcolor="#cccccc">
<a href="tmda-vdomains.html">Virtual Domains</a>
</td></tr>
<tr><td bgcolor="#cccccc">
<b>tmda-cgi</b>
</td></tr>
<tr><td bgcolor="#cccccc">
<tr><td bgcolor="#191970"><b><font color="#ffffff">
Support
</font></b></td></tr>
<tr><td bgcolor="#cccccc">
<a href="trouble.html">Troubleshooting</a>
</td></tr>
<tr><td bgcolor="#cccccc">
<a href="http://tmda.net/faq.cgi"; TARGET="Resource Window">FAQ</a>
</td></tr>
<tr><td bgcolor="#cccccc">
<a href="bugs.html">Bugs & Patches</a>
</td></tr>
<tr><td bgcolor="#cccccc">
<a href="http://tmda.net/lists/listinfo/"; TARGET="Resource Window">Mailing Lists</a>
</td></tr>
<tr><td bgcolor="#cccccc">
<a href="http://mla.libertine.org/"; TARGET="Resource Window">List Archive</a>
</td></tr>
<tr><td bgcolor="#cccccc">
<a href="support-commercial.html">Commercial Support</a>
</td></tr>
<tr><td bgcolor="#cccccc">
<a href="resources.html">External Resources</a>
</td></tr>
<tr><td bgcolor="#cccccc">
<a href="mirrors.html">Mirrors</a>
</td></tr>
<tr><td bgcolor="#cccccc">
<tr><td bgcolor="#191970"><b><font color="#ffffff">
Author
</font></b></td></tr>
<tr><td bgcolor="#cccccc">
<a href="mailto:[EMAIL PROTECTED]">Jason R. Mastaler</a>
</td></tr>
<tr><td bgcolor="#cccccc">
</td></tr>
<tr><td bgcolor="#cccccc">
© 2001-2003
</td></tr>
</table><!-- end of sidebar table -->
</td>
<td width="15"> </td><!--spacer-->
<!-- end of sidebar cell -->
<!-- start of body cell -->
<td valign="top" width="90%" class="body"><br>
<h1>tmda-cgi (contributed by <a href="mailto:[EMAIL PROTECTED]">Gre7g
Luterman</a>)</h1>
<p><a href="#What">What is it?</a><br>
<a href="#Screen">Screenshots</a> <br>
<a href="#Require">Requirements</a><br>
<a href="#Blame">Credit/blame</a><br>
<a href="#Install">Installation</a><br>
<a href="#SystemWide">System-wide mode</a><br>
<a href="#SingleUser">Single-user mode</a><br>
<a href="#nosu">no-su mode</a><br>
<a href="#nosuExample">Centralized
no-su setup</a><br>
<a href="#Pass">Passwords</a><br>
<a href="#Virtual">Virtual users</a><br>
<a href="#Config">Configuration</a><br>
<a href="#Surprise">Surprises & gotcha's</a><br>
<a href="#Template">Templates (URL confirmation)</a></p>
<hr>
<h2><a name="What"></a>What is it?</h2>
<p>tmda-cgi is an alpha-release program for managing your
TMDA account over the web. At the time of this writing, tmda-cgi
can:</p>
<ul>
<li>Page through lists of pending e-mail (mail received by your MTA, but still
awaiting confirmation)
<li>View the text content (and see what sorts of attachments are included) in
any of your pending e-mails
<li>Release (move into your mail folder as if a confirmation had been received)
any of your pending e-mails.
<li>Delete any pending e-mail
<li>Whitelist or blacklist the author of any pending e-mails.
</ul>
<p>At the moment, tmda-cgi's focus is clearly manipulating pending e-mails. At
some point, I would like tmda-cgi to become more of a general system tool. Features
I hope to add soon include:</p>
<ul>
<li>Filter configuration</li>
<li>List editing</li>
<li>Automated clean-ups of pending e-mails</li>
<li>E-mail address generation (keyword, dated, or sender)</li>
</ul>
<p>tmda-cgi provides quick and easy access to your pending e-mails. This is an
ideal tool for users who either do not have access to a shell account or are
intimidated by operating in a command-line environment.</p>
<p>Although TMDA users do not generally need to mess with their pending e-mails,
there are times when this is the most convenient way to go. For instance:</p>
<ul>
<li>When you use a web site that says it will automatically mail you a password,
authentication link, or a receipt for a transaction you are making right now,
but you're not interested in any follow-up e-mail they will likely send you
in the future (and you don't feel like generating a dated address).
<p> Simply fill out the web form like you normally would and give your regular,
filtered e-mail address. The web site will send the e-mail to your mail
server, and your mail server will send a confirmation request back to the
web site (which will most likely never be seen by a human being). Then log
into tmda-cgi and manually release their letter. Any further mail they send
you will sit quietly in your pending directory like the one you released.
</li>
<li>To search your incoming mail for automated mailings you want to receive.
<p> Using tmda-cgi regularly for a few weeks or months after you begin filtering
your e-mail is a good way to make sure your filters are configured correctly.
<li>
<p>To look for "lost" e-mail.
<p> It's really rare that e-mail will get lost, but it's bound to happen
sometimes.
Perhaps Aunt Margaret can't figure out what the confirmation e-mail meant
(even though it is written in a very obvious way). Perhaps your boss was
in a hurry and deleted the confirmation request thinking
<em><strong>it</strong></em>
was spam (or perhaps he has a really crappy spam filter that mistook the
confirmation for spam). Perhaps Grandpa Joe sent you some e-mail from someone
else's e-mail account and they deleted the confirmation request, not realizing
what it was.
<li>
<p>To remind you <em><strong>why</strong></em> you got TMDA in the first place.
<p> "Wow, I would have gotten 100 e-mails about Viagara, cheap cigarettes,
weight loss drugs, penis enlargement, and Nigerian swindles today! Now I
remember why the rest of my family thinks that e-mail is a pain."
</ul>
<hr>
<h2><a name="Screen" id="Screen"></a>Screenshots</h2>
<p><b><i>Note:</i></b> You may find the default colors ugly. Those can be changed
by modifying the CSS file.</p>
<p><a href="http://tmda.sourceforge.net/screenshots/login.png";
target="_blank">Login</a></p>
<p><a href="http://tmda.sourceforge.net/screenshots/pending.png"; target="_blank">Index
of pending e-mails (whitelist & blacklist options enabled)</a></p>
<p><a href="http://tmda.sourceforge.net/screenshots/view1.png"; target="_blank">View
the contents of a pending e-mail with attachements</a></p>
<p><a href="http://tmda.sourceforge.net/screenshots/confirm.png";
target="_blank">Optional
Javascript confirmation when deleting or blacklisting</a></p>
<p><a href="http://tmda.sourceforge.net/screenshots/view2.png"; target="_blank">Show
all headers mode when viewing an e-mail</a></p>
<p><a href="http://tmda.sourceforge.net/screenshots/confirmed.png"; target="_blank">URL
confirmation
feedback</a></p>
<hr>
<h2><a name="Require"></a>Requirements</h2>
<p>TBD. Until we do more testing it isn't clear what systems have problems with
tmda-cgi.</p>
<hr>
<h2><a name="Blame" id="Blame"></a>Credit/blame</h2>
<p>As already mentioned, this is contributed software at an alpha-level release.
That means:</p>
<ul>
<li>Use at your own risk.
<p>That's true of all software in general, but we're telling you up front
that not a lot of people have tested or analyzed the code yet. If it goes
awry or opens a security hole on your machine, I won't drop dead from the
shock.</p>
</li>
<li>tmda-cgi was written by <a href="mailto:[EMAIL PROTECTED]">Gre7g Luterman</a>,
with support from Jason R. Mastaler, David Guerizec, Tim Legant, and others on
the TMDA lists.
</li>
</ul>
<hr>
<h2><a name="Install"></a>Installation</h2>
<p>tmda-cgi is provided in your distribution's <tt>contrib/cgi</tt> directory.</p>
<p>Once you've obtained a copy of tmda-cgi, you need to decide how you want to
use tmda-cgi. tmda-cgi has been designed to run three different ways: system-wide,
single-user, and in no-su modes.</p>
<ul>
<li>In system-wide mode, multiple users can use tmda-cgi to access their TMDA
system. The program launches as root and then performs a <tt>seteuid</tt>
to run as the requested user once password authentication has been accomplished.
This is the best solution for system administrators who wish to set up their
TMDA system for use by multiple users.<br>
</li>
<li>In single-user mode, only one user can access tmda-cgi. That user will still
need to authenticate their access with a password, but the program runs as
the user who compiled it and therefore cannot access anyone else's personal
data. If multiple users wish to install tmda-cgi in single-user mode (strange,
but not absurd) then each user can compile a different 14k shell that launches
the Python code. This method is less convenient than the system-wide installation,
but it is the best solution for users without root access to their server,
or for users who don't trust any program running as root that does not absolutely
have to run as root.<br>
</li>
<li>no-su mode, which is in testing, runs the program with no special privileges
of any sort. The downside of such an installation is that to allow the program
access to your personal files (such as pending e-mails) you will have to make
some of your files and directories group or world readable and writable. no-su
mode is a good solution for an unusual breed of user: someone who doesn't
trust the software, but trusts the other users on the server (since they could
get read/write access to his/er pending e-mail)</li>
</ul>
<p><b><i>Notes:</i></b></p>
<ul>
<li>tmda-cgi assumes it will run from within the source tree. No testing has
been done to date to see if it will work in other locations.<br>
</li>
<li>You will have to recompile tmda-cgi if you move your configuration files,
supplimental display files (icons and style sheet), or source tree.<br>
</li>
<li>You will have to recompile tmda-cgi if you change which mode (system-wide,
single-user, or no-su) you run in.</li>
</ul>
<h3><a name="SystemWide"></a>Installing system-wide</h3>
<p>As root, change to the cgi directory.</p>
<blockquote>
<pre># cd contrib/cgi</pre>
</blockquote>
<p>Compile tmda-cgi to a web directory that is configured to execute CGI. The
filename you use is completely up to you. For example:</p>
<blockquote>
<pre># ./compile -t /path/to/cgi-bin/directory</pre>
</blockquote>
<p> or</p>
<blockquote>
<pre># ./compile -t /path/to/webpage/directory/index.cgi</pre>
</blockquote>
<p>Finally, tmda-cgi expects to find a variety of visual elements in web directory
<tt>../display/</tt>, relative to the CGI itself. The location of this directory
may be changed with <tt>compile</tt>'s <tt>-d</tt> flag. Sample files are provided
in <tt>contrib/cgi/display</tt>. Feel free to use these files as-is or
modify/replace
them to personalize the program.</p>
<p>The simplest way to provide this directory is with a symbolic link (assuming
you have you web server configured to follow symbolic links). For example:</p>
<blockquote>
<pre># ln -s display /path/to/webpage/directory</pre>
</blockquote>
<h3><a name="SingleUser"></a>Installing single-user</h3>
<p>As the (only) user who will be able to access tmda-cgi, change to the cgi
directory.</p>
<blockquote>
<pre>$ cd contrib/cgi</pre>
</blockquote>
<p>Compile tmda-cgi to a web directory that is configured to execute CGI. The
filename you use is completely up to you. For example:</p>
<blockquote>
<pre>$ ./compile -t /path/to/cgi-bin/directory</pre>
</blockquote>
<p>or</p>
<blockquote>
<pre>$ ./compile -t /path/to/webpage/directory/index.cgi</pre>
</blockquote>
<p>Finally, tmda-cgi expects to find a variety of visual elements in web directory
<tt>../display/</tt>, relative to the CGI itself. The location of this directory
may be changed with <tt>compile</tt>'s <tt>-d</tt> flag. Sample files are provided
in <tt>contrib/cgi/display</tt>. Feel free to use these files as-is or
modify/replace
them to personalize the program.</p>
<p>The simplest way to provide this directory is with a symbolic link (assuming
you have you web server configured to follow symbolic links). For example:</p>
<blockquote>
<pre>$ ln -s display /path/to/webpage/directory</pre>
</blockquote>
<h3><a name="nosu"></a>Installing no-su</h3>
<p>To compile tmda-cgi for no-su mode, first change to the cgi directory.</p>
<blockquote>
<pre>$ cd contrib/cgi</pre>
</blockquote>
<p>Compile tmda-cgi to a web directory that is configured to execute CGI. The
filename you use is completely up to you. For example:</p>
<blockquote>
<pre>$ ./compile -nt /path/to/cgi-bin/directory</pre>
</blockquote>
<p> or</p>
<blockquote>
<pre>$ ./compile -nt /path/to/webpage/directory/index.cgi</pre>
</blockquote>
<p> tmda-cgi expects to find a variety of visual elements in web directory
<tt>../display/</tt>,
relative to the CGI itself. The location of this directory may be changed with
<tt>compile</tt>'s <tt>-d</tt> flag. Sample files are provided in
<tt>contrib/cgi/display</tt>.
Feel free to use these files as-is or modify/replace them to personalize the
program.</p>
<p>The simplest way to provide this directory is with a symbolic link (assuming
you have you web server configured to follow symbolic links). For example:</p>
<blockquote>
<pre>$ ln -s display /path/to/webpage/directory</pre>
</blockquote>
<p>At this point you will have to change permissions on any existing pending mail
and add something akin to:</p>
<blockquote>
<pre>os.umask(027)</pre>
</blockquote>
<p>to your configuration file. That will make sure that future pending e-mails
are written such that they can be read by group members (i.e. the CGI).</p>
<h4><a name="nosuExample"></a>Centralized no-su setup</h4>
<p>If you multiple users plan on using tmda-cgi in no-su mode, then you might
consider moving all of your TMDA files into one central location. This will
make it easier to keep group permissions on your directories and files. Here's
some sample directories and file contents I set up for my user <tt>cgitest</tt>:</p>
<blockquote> <tt>/etc:</tt>
<table>
<tr>
<td width="600" bgcolor="#CCCCCC"><tt>-rw-r--r-- 1 root
root 22 Nov 24 23:54 tmda-cgi<br>
-rw-r--r-- 1 root root
557 Nov 27 15:05 tmdarc<br>
-rw------- 1 tofmipd tofmipd 49 Nov 10
11:02 tofmipd</tt></td>
</tr>
</table><br>
<tt>/var:</tt>
<table>
<tr>
<td width="600" bgcolor="#CCCCCC"><tt>drwxr-s--x 3 root
nobody 72 Nov 27 11:24 tmda</tt></td>
</tr>
</table><br>
<tt>/var/tmda:</tt>
<table>
<tr>
<td width="600" bgcolor="#CCCCCC"><tt>drwx--s--- 6 cgitest
nobody 200 Nov 27 11:39 cgitest</tt></td>
</tr>
</table><br>
<tt>/var/tmda/cgitest:</tt>
<table>
<tr>
<td width="600" bgcolor="#CCCCCC"><tt>-rw-r----- 1 cgitest
nobody 0 Nov 27 11:39 config<br>
-rw-r----- 1 cgitest nobody 41 Nov 27
11:39 crypt_key<br>
drwx--s--- 2 cgitest nobody 96 Nov 27
12:55 filters<br>
drwx--s--- 2 cgitest nobody 144 Nov 27
12:59 lists<br>
drwx--s--- 2 cgitest nobody 120 Nov 27
12:57 logs<br>
drwxrws--- 2 cgitest nobody 48 Nov 27
11:37 pending<br>
drwx--s--- 2 cgitest nobody 768 Nov 29
09:54 responses<br>
drwxr-sr-x 2 cgitest nobody 200 Dec
6 20:33 templates</tt></td>
</tr>
</table><br>
<tt>/var/tmda/cgitest/filters:</tt>
<table>
<tr>
<td width="600" bgcolor="#CCCCCC"><tt>-rw-rw---- 1 cgitest
nobody 153 Nov 27 12:54 incoming<br>
-rw-rw---- 1 cgitest nobody 150 Nov 27
12:55 outgoing</tt></td>
</tr>
</table><br>
<tt>/var/tmda/cgitest/lists:</tt>
<table>
<tr>
<td width="600" bgcolor="#CCCCCC"><tt>-rw-rw---- 1 cgitest
nobody 0 Nov 27 12:59 blacklist<br>
-rw-rw---- 1 cgitest nobody 0 Nov
27 12:59 confirmed<br>
-rw-rw---- 1 cgitest nobody 0 Nov
27 12:59 whitelist</tt></td>
</tr>
</table><br>
<tt>/var/tmda/cgitest/logs:</tt>
<table>
<tr>
<td width="600" bgcolor="#CCCCCC"><tt>-rw-r----- 1 cgitest
nobody 0 Nov 27 12:57 debug<br>
-rw-r----- 1 cgitest nobody 0 Nov
27 12:57 in<br>
-rw-r----- 1 cgitest nobody 0 Nov
27 12:57 out</tt></td>
</tr>
</table><br>
<tt>/var/tmda/cgitest/templates:</tt>
<table>
<tr>
<td width="600" bgcolor="#CCCCCC"><tt>-rw-r--r-- 1 cgitest
nobody 407 Dec 6 20:30 bounce.txt<br>
-rw-r--r-- 1 cgitest nobody 215 Dec
6 20:30 confirm_accept.txt<br>
-rw-r--r-- 1 cgitest nobody 702 Dec
6 20:33 confirm_request.txt</tt></td>
</tr>
</table><br>
<tt>/etc/tmda-cgi:</tt>
<table>
<tr>
<td width="600" bgcolor="#CCCCCC"><tt>cgitest:XPkY0q/9Uge9I</tt></td>
</tr>
</table><br>
<tt>/var/tmda/cgitest/filters/incoming:</tt>
<table>
<tr>
<td width="600" bgcolor="#CCCCCC"><tt>from-file
/var/tmda/cgitest/lists/blacklist reject<br>
from-file /var/tmda/cgitest/lists/whitelist accept<br>
from-file /var/tmda/cgitest/lists/confirmed accept</tt></td>
</tr>
</table><br>
<tt>/var/tmda/cgitest/filters/outgoing:</tt>
<table>
<tr>
<td width="600" bgcolor="#CCCCCC"><tt>to-file /var/tmda/cgitest/lists/whitelist
tag envelope dated=10d from bare<br>
to-file /var/tmda/cgitest/lists/confirmed tag envelope dated=10d from bare</tt></td>
</tr>
</table><br>
<tt>/var/tmda/cgitest/templates/confirm_request.txt:</tt>
<table>
<tr>
<td width="600" bgcolor="#CCCCCC"><tt>From.US-ASCII: "%(FULLNAME)s"
<%(recipient_address)s><br>
Subject.US-ASCII: Please confirm your message<br>
Reply-To.US-ASCII: %(confirm_accept_address)s<br>
BodyCharset: US-ASCII<br>
<br>
This message was created automatically by mail delivery software<br>
(TMDA).<br>
<br>
Your message attached below is being held because the address<br>
<%(confirm_append_address)s> has not been verified.<br>
<br>
To release your message for delivery, please send an empty message<br>
to the following address, surf the following link, or use your<br>
mailer's "Reply" feature.<br>
<br>
%(confirm_accept_address)s<br>
<br>
%(confirm_accept_url)s<br>
<br>
This confirmation verifies that your message is legitimate and not<br>
junk-mail. You should only have to confirm your address once.</tt></td>
</tr>
</table><br>
<tt>/etc/tmdarc:</tt>
<table>
<tr>
<td width="600" bgcolor="#CCCCCC"><tt>import Util<br>
<br>
# Allow group access to critical files<br>
ALLOW_MODE_640 = 1<br>
os.umask(0027)<br>
<br>
# Locate important files and directories<br>
DATADIR = "/var/tmda/%s/" % os.environ["USER"]<br>
CONFIRM_APPEND = DATADIR +
"lists/confirmed"<br>
FILTER_INCOMING = DATADIR + "filters/incoming"<br>
FILTER_OUTGOING = DATADIR + "filters/outgoing"<br>
LOGFILE_DEBUG = DATADIR + "logs/debug"<br>
LOGFILE_INCOMING = DATADIR + "logs/in"<br>
LOGFILE_OUTGOING = DATADIR + "logs/out"<br>
PENDING_BLACKLIST_APPEND = DATADIR + "lists/blacklist"<br>
PENDING_WHITELIST_APPEND = DATADIR + "lists/whitelist"<br>
TEMPLATE_DIR = DATADIR + "templates/"<br>
<br>
# CGI location<br>
CGI_URL = "http://wolfhome.com/~cgitest/index2.cgi";<br>
<br>
# Define X-Primary-Address key for TMDA-to-TMDA communications<br>
ADDED_HEADERS_CLIENT = { "X-Primary-Address": "[EMAIL PROTECTED]" % \<br>
(os.environ["USER"], Util.gethostname()) }</tt></td>
</tr>
</table><br>
<tt>~cgitest/.qmail:</tt>
<table>
<tr>
<td width="600" bgcolor="#CCCCCC"><tt>|preline /usr/src/tmda/bin/tmda-filter -c
/var/tmda/cgitest/config<br>
./Maildir/</tt></td>
</tr>
</table>
</blockquote>
<p>tmda-cgi was compiled with the following:</p>
<blockquote>
<pre>./compile -nc /var/tmda/~/config -t /www/tmda.cgi</pre>
</blockquote>
<p>Use the <tt>./compile -h</tt> for more details on how to use compile.</p>
<hr>
<h2><a name="Pass"></a>Passwords</h2>
<p>tmda-cgi currently authenticate logins against user name & password pairs
stored in a password file (or files). tmda-cgi will look in two different places
for password file(s), but it (they) must be readable by the CGI.</p>
<p>If you are running in system-wide mode, the password file can be owned by root.
If you are running in single-user mode, the password file can be owned by the
user who will be running the CGI. If you are running in no-su mode, the file
must either be owned by "nobody" (or whatever user your web server
is configured to run as) or made globally readable See the table below for a
better breakdown of your options.</p>
<p>tmda-cgi first checks for a readable file called <tt>tmda-cgi</tt> in the same
directory as the user's configuration file (if that location has been specified,
otherwise it will look in <tt>~user/.tmda/tmda-cgi</tt>). It then tries
<tt>/etc/tmda-cgi</tt>
if it can't find a match or cannot read the file. This allows the system
administrator
to keep a list of access passwords while allowing the user to override what
the sysadmin has set.</p>
<table border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="35"> </td>
<td width="10"> </td>
<td> </td>
<td width="10"> </td>
<td colspan="2" align="center" nowrap
bgcolor="#FFFFCC"><tt>~user/.tmda/tmda-cgi</tt></td>
<td width="10" align="center" nowrap> </td>
<td colspan="2" align="center" nowrap bgcolor="#FFFFCC"><tt>/etc/tmda-cgi</tt></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
<td width="80" align="center" bgcolor="#FFFFCC">owner</td>
<td width="90" align="center" bgcolor="#FFFFCC">permissions</td>
<td align="center"> </td>
<td width="80" align="center" bgcolor="#FFFFCC">owner</td>
<td width="90" align="center" bgcolor="#FFFFCC">permissions</td>
</tr>
<tr>
<td> </td>
<td bgcolor="#CCFFFF"> </td>
<td bgcolor="#CCFFFF">system-wide</td>
<td bgcolor="#CCFFFF"> </td>
<td align="center" bgcolor="#CCFFCC">user</td>
<td align="center" bgcolor="#CCFFCC">600</td>
<td align="center" bgcolor="#CCFFFF"> </td>
<td align="center" bgcolor="#CCFFCC">root</td>
<td align="center" bgcolor="#CCFFCC">600</td>
</tr>
<tr>
<td> </td>
<td> </td>
<td>single-user</td>
<td> </td>
<td align="center" bgcolor="#FFFFCC">user</td>
<td align="center" bgcolor="#FFFFCC">600</td>
<td align="center"> </td>
<td colspan="2" align="center" bgcolor="#FFFFCC">n/a</td>
</tr>
<tr>
<td> </td>
<td bgcolor="#CCFFFF"> </td>
<td bgcolor="#CCFFFF">no-su</td>
<td bgcolor="#CCFFFF"> </td>
<td align="center" bgcolor="#CCFFCC">user</td>
<td align="center" bgcolor="#CCFFCC">644</td>
<td align="center" bgcolor="#CCFFFF"> </td>
<td align="center" bgcolor="#CCFFCC">root<br>
nobody </td>
<td align="center" bgcolor="#CCFFCC">644<br>
600 </td>
</tr>
<tr>
<td> </td>
<td colspan="8" align="center">File owner & permission options</td>
</tr>
</table>
<p>The password file for tmda-cgi is formatted in much the same way as the password
file for tofmipd. In fact, if you are using a password file with tofmipd and
you wish to run tmda-cgi in system-wide mode, feel free to make a symbolic link
between the two:</p>
<blockquote>
<pre> # ln -s /etc/tofmipd /etc/tmda-cgi</pre>
</blockquote>
<p>Password files for tmda-cgi look like:</p>
<blockquote>
<pre><user1>:<password1>
<user2>:<password2></pre>
</blockquote>
<p>where each item in <tt><></tt> is replaced with text.</p>
<p>The difference between this password file and the one for tofmipd is that the
file does not need to have <br>
permissions of 400 or 600. If you, for example, are running in no-su mode, you
will have to make your password file group or world readable.</p>
<p>To keep the passwords secure, tmda-cgi will assume all passwords are DES encrypted
if the file permissions are anything other than 400 or 600. Plaintext passwords
will <i><b>not</b></i> work in such cases.</p>
<p>Additionally, any entry with a blank password field, such as:</p>
<blockquote>
<pre>cantlogin:</pre>
</blockquote>
<p>will be prohibited from login, regardless of the file permissions.</p>
<p><tt>contrib/cgi/genpass.py</tt> is provided for encrypted password generation.
Output from <tt>genpass.py</tt> can be safely piped with <tt>></tt> or
<tt>>></tt>
into a password file. For example:</p>
<blockquote>
<pre># contrib/cgi/genpass.py joe >> /etc/tmda-cgi</pre>
</blockquote>
<p> or</p>
<blockquote>
<pre>$ contrib/cgi/genpass.py joe > /home/joe/.tmda/tmda-cgi</pre>
</blockquote>
<p>If you encounter difficulties logging in, the problem may be a result of incorrect
permissions on your password file(s). To debug this, append a <tt>?debug=1</tt>
onto the end of your CGI URL. This will display some diagnostic information
if the login fails instead of simply saying "Wrong password. Try
again."</p>
<hr>
<h2><a name="Virtual" id="Virtual"></a>Virtual users</h2>
<p>Although planned for future releases, there is no support for virtual users
at this time. Each user who plans to use tmda-cgi must have a login record in
<tt>/etc/passwd</tt>.</p>
<hr>
<h2><a name="Config"></a>Configuration</h2>
<p>tmda-cgi is configured by a set of parameters in your configuration file(s).
All tmda-cgi configuration variables begin with a "<tt>CGI_</tt>"
and are described on the <a href="config-vars.html">Configuration Variables</a>
page.</p>
<p><em><strong>Note:</strong></em> If you change nothing else, you will have to
at least set the value for <a
href="config-vars.html#CGI_ACTIVE"><tt>CGI_ACTIVE</tt></a>.</p>
<hr>
<h2><a name="Surprise" id="Surprise"></a>Surprises & gotcha's</h2>
<p>This section of the documentation is reserved for functionality and quirks
that, although not erroneous, may not be what you expect. Check this list for
help if you experience problems with tmda-cgi.</p>
<ol>
<li>tmda-cgi's whitelist feature does not update the list pointed to by
configuration
variable <tt><a
href="/config-vars.html#CONFIRM_APPEND">CONFIRM_APPEND</a></tt><tt>.</tt>
<p>tmda-cgi uses configuration variable <a
href="/config-vars.html#PENDING_WHITELIST_APPEND"><tt>PENDING_WHITELIST_APPEND</tt></a>
instead of <tt><a
href="/config-vars.html#CONFIRM_APPEND">CONFIRM_APPEND</a>.</tt>
To use the whitelist feature, you must set <a
href="/config-vars.html#PENDING_WHITELIST_APPEND"><tt>PENDING_WHITELIST_APPEND</tt></a>
to a list that is handled by your incoming filter.<p></li>
<li>TMDA requires Python version 2.1 but some flavors of Linux (such as <a
href="http://redhat.com";>RedHat</a>)
come with two different versions of Python installed, one older and one newer.
<p>If tmda-cgi tries to run using the wrong version of Python, then you must
specify the correct version at compile time. Instead of typing:
<blockquote>
<pre>$ ./compile <options></pre>
</blockquote>
<p>Type:</p>
<blockquote>
<pre>$ /usr/bin/python2 compile <options></pre>
</blockquote>
<p>(Assuming that your Python 2.1+ can be found at <tt>/usr/bin/python2</tt>.)
The compiler will save the correct version of the Python interpreter and
use it when tmda-cgi is run.</p>
</li>
</ol>
<hr>
<h2><a name="Template" id="Template"></a>Templates</h2>
<p>By supplying your own templates (see the <a href="howto-template.html">Template
HOWTO</a> for more on customizing your templates) you can use tmda-cgi's URL
confirmation feature. This allows you to specify a URL in your confirmation
e-mail as an alternative to confirming by e-mail.</p>
<p>To supply a confirmation URL, simply use the <tt>%(confirm_accept_url)s</tt>
variable in <tt>confirm_request.txt</tt> as shown in <a
href="#nosuExample">Centralized
no-su setup</a>.</p>
<p><em><strong>Notes:</strong></em></p>
<ul>
<li>Be sure you set <a href="config-vars.html#CGI_ACTIVE"><tt>CGI_ACTIVE</tt></a>,
<a href="config-vars.html#CGI_URL"><tt>CGI_URL</tt></a>, and <a
href="config-vars.html#TEMPLATE_DIR"><tt>TEMPLATE_DIR</tt></a>
before modifying your template! No confirmation e-mails will be sent if you
specify a <tt>%(confirm_accept_url)</tt> until these variables are properly
configured.<br>
</li>
<li>Always test your configuration after making a change to your templates.<br>
</li>
<li>Your crypt_key file must be readible by tmda-cgi to use this feature.
<p>This is not and issue if you are running in system-wide orf single-user
modes, but in no-su mode, you will have to:</p>
</li>
<ul>
<li>Put crypt_key in the CGI's group.</li>
<li>Assign crypt_key 640 permissions.</li>
<li>Turn on <a href="config-vars.html#ALLOW_MODE_640">ALLOW_MODE_640</a>.<br>
</li>
</ul>
</ul>
</td><!-- end of body cell -->
</tr><!-- end of sidebar/body row -->
</table><!-- end of page table -->
</body></html>
_______________________________________
tmda-cvs mailing list
http://tmda.net/lists/listinfo/tmda-cvs
![http://tmda.sourceforge.net/screenshots/login.png"](http://tmda.sourceforge.net/screenshots/login.png"){kind=link}
![http://tmda.sourceforge.net/screenshots/pending.png"](http://tmda.sourceforge.net/screenshots/pending.png"){kind=link}
![http://tmda.sourceforge.net/screenshots/view1.png"](http://tmda.sourceforge.net/screenshots/view1.png"){kind=link}
![http://tmda.sourceforge.net/screenshots/confirm.png"](http://tmda.sourceforge.net/screenshots/confirm.png"){kind=link}
![http://tmda.sourceforge.net/screenshots/view2.png"](http://tmda.sourceforge.net/screenshots/view2.png"){kind=link}
![http://tmda.sourceforge.net/screenshots/confirmed.png"](http://tmda.sourceforge.net/screenshots/confirmed.png"){kind=link}