HTML, PHP & POSTFIX

[kamzo]

Hi, wondering if anyone could help me out 

I have my domain with a site and email hosted on one sentora server 

I have a contact us HTML form and a PHP server side script

HTML 

Code:

<form action="email_form.php" method="post">
               <input id="name" name= "name" type="text" class="text" value="Name" onfocus="this.value = '';" onblur="if (this.value == '') {this.value = 'Name';}">
               <input id="email" name="email" type="text" class="text" value="Email" onfocus="this.value = '';" onblur="if (this.value == '') {this.value = 'Email';}">
               <input id="subject" name="subject" type="text" class="text" value="Subject" onfocus="this.value = '';" onblur="if (this.value == '') {this.value = 'Subject';}">
               <textarea id="message" name="message" value="Comment" onfocus="this.value = '';" onblur="if (this.value == '') {this.value = 'Message';}">Comment</textarea>
               <input type="submit" value="submit">
            </form>

PHP

PHP Code:

<?php

    {
    $name=$_REQUEST['name'];
    $email=$_REQUEST['email'];
    $subject=$_REQUEST['subject'];
    $message=$_REQUEST['message'];
    if (($name=="")||($subject=="")||($email=="")||($message==""))
        {
        echo "All fields are required, please fill <a href=\"\">the form</a> again.";
        }
    else{        
        $from="From: $name<$email>\r\nReturn-path: $email";
        mail("info@mydomain.co.za", $name, $subject, $message, $from);
        echo "Email sent!";
        }
    }  
?>

Now this works perfectly and if I go to the roundcube webmail I get the response

But I have this on another page 

HTML 

Code:

<form action="email_form_service.php" method="post">
               <input id="name" name= "name" type="text" class="text" value="Name" onfocus="this.value = '';" onblur="if (this.value == '') {this.value = 'Name';}">
               <input id="company" name= "company" type="text" class="text" value="Company" onfocus="this.value = '';" onblur="if (this.value == '') {this.value = 'Company';}">
               <input id="contact" name= "contact" type="text" class="text" value="Contact Number" onfocus="this.value = '';" onblur="if (this.value == '') {this.value = 'Contact';}">
               <input id="service" name= "service" type="text" class="text" value="Name Of Service" onfocus="this.value = '';" onblur="if (this.value == '') {this.value = 'Service';}">
               <input id="email" name="email" type="text" class="text" value="Email" onfocus="this.value = '';" onblur="if (this.value == '') {this.value = 'Email';}">
               <input id="budget" name="budget" type="text" class="text" value="Enter Maximum Budget" onfocus="this.value = '';" onblur="if (this.value == '') {this.value = 'Budget';}">
               <textarea id="message" name="message" value="Comment" onfocus="this.value = '';" onblur="if (this.value == '') {this.value = 'Message';}">Message</textarea>
               <input type="submit" value="submit">
            </form>

PHP

PHP Code:

<?php

    {
    $name=$_REQUEST['name'];
    $email=$_REQUEST['email'];
    $contact=$_REQUEST['contact'];
    $service=$_REQUEST['service'];
    $budget=$_REQUEST['budget'];
    $company=$_REQUEST['company'];
    $message=$_REQUEST['message'];
    if (($name=="")||($email=="")||($contact=="")||($service=="")||($budget=="")||($company=="")||($message==""))
        {
        echo "All fields are required, please fill <a href=\"\">the form</a> again.";
        }
    else{        
        $from="From: $name<$email>\r\nReturn-path: $email";
        mail("quotes@mydomain.co.za", $name, $contact, $service, $budget, $company, $message, $from);
        echo "Request Sent!";
        }
    }
?>

It doesn't work 
I do get the Request sent message but nothing in the webmail
Postfix main.cf

Code:

# postfix config file

# uncomment for debugging if needed
soft_bounce=yes

# postfix main
mail_owner = postfix
setgid_group = postdrop
delay_warning_time = 4

# postfix paths
html_directory = no
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
queue_directory = /var/spool/postfix
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.2.2/samples
readme_directory = /usr/share/doc/postfix-2.2.2/README_FILES

# network settings
inet_interfaces = all
mydomain = limpid01.mydomain.co.za
myhostname = limpid01.mydomain.co.za
mynetworks = 127.0.0.1, 91.134.137.101
mydestination = localhost.$mydomain, localhost
relay_domains = proxy:mysql:/etc/sentora/configs/postfix/mysql-relay_domains_maps.cf

# mail delivery
recipient_delimiter = +

# mappings
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

#transport_maps

= hash:/etc/postfix/transport

#local_recipient_maps

=

# virtual setup
virtual_alias_maps = proxy:mysql:/etc/sentora/configs/postfix/mysql-virtual_alias_maps.cf,
                    regexp:/etc/sentora/configs/postfix/virtual_regexp
virtual_mailbox_base = /var/sentora/vmail
virtual_mailbox_domains = proxy:mysql:/etc/sentora/configs/postfix/mysql-virtual_domains_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/sentora/configs/postfix/mysql-virtual_mailbox_maps.cf
virtual_minimum_uid = 995
virtual_uid_maps = static:995
virtual_gid_maps = static:12
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1

# debugging
debug_peer_level = 2
debugger_command =
        PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
        xxgdb $daemon_directory/$process_name $process_id & sleep 5

# authentication
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth

# tls config
smtp_use_tls = no
smtpd_use_tls = no

#smtp_tls_note_starttls_offer

= yes

#smtpd_tls_loglevel

= 1

#smtpd_tls_received_header

= yes

#smtpd_tls_session_cache_timeout

= 3600s

#tls_random_source

= dev:/dev/urandom

#smtp_tls_session_cache_database

= btree:$data_directory/smtp_tls_session_cache
# Change mail.example.com.* to your host name

#smtpd_tls_key_file

= /etc/pki/tls/private/mail.example.com.key

#smtpd_tls_cert_file

= /etc/pki/tls/certs/mail.example.com.crt
# smtpd_tls_CAfile = /etc/pki/tls/root.crt

# rules restrictions
smtpd_client_restrictions =
smtpd_helo_restrictions =
smtpd_sender_restrictions =
smtpd_recipient_restrictions = permit_sasl_authenticated,
       permit_mynetworks,
       reject_unauth_destination,
       reject_non_fqdn_sender,
       reject_non_fqdn_recipient,
       reject_unknown_recipient_domain
# uncomment for realtime black list checks. (Warn: will also reject false positive)
#       ,reject_rbl_client zen.spamhaus.org
#       ,reject_rbl_client bl.spamcop.net
#       ,reject_rbl_client dnsbl.sorbs.net

smtpd_helo_required = yes
unknown_local_recipient_reject_code = 550
disable_vrfy_command = yes
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_banner = $myhostname ESMTP

message_size_limit = 20480000

Any assistance would be appreciated
Running mailq give this output

Code:

F1A3F23E3AF      876 Thu Dec 15 09:00:01  root@limpid01.mydomain.co.za
(delivery temporarily suspended: mail for limpid01.mydomain.co.za loops back to myself)
                                        root@limpid01.mydomain.co.za

F1CED3846D     2952 Sun Dec 18 13:53:40  MAILER-DAEMON
                                                 (mail transport unavailable)
                                        root@limpid01.mydomain.co.za

F05AE2107CB     2953 Sun Dec 18 13:53:48  MAILER-DAEMON
                                                 (mail transport unavailable)
                                        root@limpid01.mydomain.co.za

F10E61D22EB     2953 Sun Dec 18 13:53:31  MAILER-DAEMON
                                                 (mail transport unavailable)
                                        root@limpid01.mydomain.co.za

F3AFA1D21C6     2953 Sun Dec 18 13:53:47  MAILER-DAEMON
                                                 (mail transport unavailable)
                                        root@limpid01.mydomain.co.za

F34F21D22D2     2953 Sun Dec 18 13:53:42  MAILER-DAEMON
                                                 (mail transport unavailable)
                                        root@limpid01.mydomain.co.za

F23941D224C     2953 Sun Dec 18 13:53:42  MAILER-DAEMON
                                                 (mail transport unavailable)
                                        root@limpid01.mydomain.co.za

F0A461D2237     2953 Sun Dec 18 13:53:43  MAILER-DAEMON
                                                 (mail transport unavailable)
                                        root@limpid01.mydomain.co.za

F142117E02     2951 Sun Dec 18 13:53:30  MAILER-DAEMON
                                                 (mail transport unavailable)
                                        root@limpid01.mydomain.co.za

F33881D2107     2953 Sun Dec 18 13:53:36  MAILER-DAEMON
                                                 (mail transport unavailable)
                                        root@limpid01.mydomain.co.za

-- 7852 Kbytes in 3250 Requests.

Cut the above Short, too long to post here

any help would be appreciated
Regards
Kamzo

[Ron-e]

Just took a quick look:

PHP Code:

mail("quotes@mydomain.co.za", $name, $contact, $service, $budget, $company, $message, $from); 


Check how the mail() function is used.

You can easily use something like:

PHP Code:

$to  = "quotes@mydomain.co.za";
$subject  = "the subject";
$message2 = "name: $name \r\n".
"Contact: $contact \r\n".
"service: $service \r\n".
"budget: $budget \r\n".
"Company: $company \r\n".
"message: $message';
$headers        = "From: server@mydomain.co.za \r\n" .
"X-Mailer: PHP/" . phpversion();

mail($to, $subject, $message2, $headers); 


Did not test this....

[Ron-e]

You know that you did not check/validated any of the POST variables which is very insecure!


uhmm tried/did a edit and got a new post......

[kamzo]

Just took a quick look:

PHP Code:

mail("quotes@mydomain.co.za", $name, $contact, $service, $budget, $company, $message, $from); 


Check how the mail() function is used.

You can easily use something like:

PHP Code:

$to  = "quotes@mydomain.co.za";
$subject  = "the subject";
$message2 = "name: $name \r\n".
"Contact: $contact \r\n".
"service: $service \r\n".
"budget: $budget \r\n".
"Company: $company \r\n".
"message: $message';
$headers        = "From: server@mydomain.co.za \r\n" .
"X-Mailer: PHP/" . phpversion();

mail($to, $subject, $message2, $headers); 


Did not test this....

Tried something similar before !!
And this as well, Didn't work 

It seems odd as for my contact form it works perfectly 

I think this issue is server side

[Ron-e]

You are using the mail() function wrong in both examples, try this for the second one:

PHP Code:

$name=$_REQUEST['name'];
$email=$_REQUEST['email'];
$contact=$_REQUEST['contact'];
$service=$_REQUEST['service'];
$budget=$_REQUEST['budget'];
$company=$_REQUEST['company'];
$message=$_REQUEST['message'];
if (($name=="")||($email=="")||($contact=="")||($service=="")||($budget=="")||($company=="")||($message=="")){
echo "All fields are required, please fill <a href=\"\">the form</a> again.";
}else{        
$to  = "quotes@mydomain.co.za";
$subject  = "the subject";
$message2 = "name: $name \r\n".
"E-mail: $email \r\n".
"Contact: $contact \r\n".
"service: $service \r\n".
"budget: $budget \r\n".
"Company: $company \r\n".
"message: $message";
$headers        = "From: $name <$email>\r\nReturn-path: $email" 
."X-Mailer: PHP/" . phpversion();
if(mail($to, $subject, $message2, $headers)){
echo "Sent!";
}else{
echo "fail!";
}
} 


this one i tested.

AND ITS VERY INSECURE, don't use it on a production server/website!

P.S. if the first one worked, even if you use the wrong variables in the mail() function you can say it issent a server problem.
I think..

[Ron-e]

oh and thank you for confusing me with Me.B here..

[Me.B]

ha ha they are too used to me     and credit goes the Ron-e

[kamzo]

oh and thank you for confusing me with @[Me.B] here..

SORRRRRY 

Really acustomed to the names T Gates and Me.B 

Ron-e you're a  legend BTW 



Definitely insecure, just for testing purposes