Looking for a formmail script

The dreamhost one is not working well. I can’t get it to send to verizon.net email addresses. Plus when I set it up to send to an alias for the verizon address, it still wont send.

I’ve checked sf.net and googled, but haven’t found anything that’s super clean and easy. I would basically like to transition forms that currently use the DH formmail to a basic PHP script.

Any suggestions?



I have actually “reverted” to using the Dreamhost formmail script after trying a different “popular” script that was provided to me “intact” when I took over a site (Dynaform.php). It was exploited and wreaked a little havoc before I tracked it down and killed it.

I had a similar experience as you this last weekend when I most recently implemented a feedback form using formmail.dreamhost.com’s script: It refused to send to an address initially (while sending fine to other addresses), but several hours later it began working, and has worked fine ever since. I was never able to ascertain why it “burped” shortly after installation, but then worked flawlessly. Hearning your report, I’m even more confused, because it does send to verizon based addresses for me. The address it “burped” on in my case was an account with the MX set to a Ntwork Sluti*ns .com, and there was a Dreamhost alias involved. I had the same problem, but then it “appears” to have fixed itself.

I had a support ticket submitted, but never got a response before the matter seemed to resolve itself, so I cancelled the ticket (probably should have left it open, though I was afraid I would get on of those, “It’s working now” responses). Weird.

Strange. I went and tried an address I tried a dozen times before and now it works.

That said, I would still like to find a solution that doesn’t require me to put an email address in plain text for spam bots to suck up.


[quote]Strange. I went and tried an address I tried a dozen times before and now it works.
Go figure. Your experience exactly mirrors mine. WIth all the formmail scripts sitting around out there, you would think someone has found one they consider to be “good” one, that is secure, and masks the destination address.


I use NMS FormMail (http://nms-cgi.sourceforge.net/) which has the “alias” feature so that email addresses aren’t in the script. It also seems to be reasonably secure against spammer abuse, which I can say is NOT the case for the TFmail script you can find on the same site.


I ended up creating a contact script when I was first learning php. At that time I only knew a little about php, so I ended up creating some ugly stuff to avoid things like header injection.

Seeing the demand for such a script, I think I will put the issue on my todo list, but unfortunately it will be quite a while before I get to it.

For those who are interested, my script uses a form where the user selects a recipient which is identified by a number in the html source. When the form is transmitted, the proper recipient is added server-side but a “safe” address is displayed for the end user (like “You sent the message to General Purpose”).

Now that I think about it. Ajax would probably be a great way to integrate some of the features I would want in a form. If anyone has some time, feel free to list some of the things you’d like the script to do and I’ll keep a brainstorming document for when I can get around to it :slight_smile:

Check out Gordaen’s Knowledge, the blog, and the MR2 page.

I just tried to setup NMS FormMail and keep getting a 500 for anything I try.


Thanks for the pointer, Steve!

I had looked at that script some time ago, but will go look at it again, as I “missed” the alias feature. I remember being somewhat impressed with it at the time, but saw no real advantage over the DH supplied version (which I believe is a modified version of an earllier release of the NMS script),

The “alias” feature is a significant feature for me, ao it is worth another visit. Thanks!


Hey rlparker, if you get it working, let me know how you did it.




I’m still using the “oldish” formmail.dreamhost.com cgi…but I will try to take a look-see/install on this tonight, and I’ll let you know how it works out. :wink:


I got a chance to do a “quick and dirty” install and test early this morning, and everything worked fine. As for “how I did it”, I’m kinda at a loss as to how to describe it except that I follwed the “readme” and “examples” files carefully, edited a half a dozen variables, and was good to go. Downloading, editing, preparing the form, and uploading the whole mess ready to run took less than 15 minutes (of course, I used a “cheesy” little 4-field form, with a couple of hidden fields, and didn’t bother to “style” it with CSS).

I only installed and tested the “Compatibility Package” ( the tarball is here), as it was represented as being the “easiest” to install, and it did everything I needed. I especially liked the “alias” feature for “recipients”, which sucessfully masks the destination email address, and the ability to send the form to mutiple recipients. Nice! In fact, I don’t know if you noticed when you downloaded the script that Dreamhost is listed as an ISP that “reccomends” the use of the NMS programs. I seem to remember either a forum post or a support ticket from years ago that iindicated this script was the basis for the “modified” script Dreamhost “tweaked” for use as their “supplied” formailer.

Testing a little further, it seems to work almost exactly the same except that, since you can modify the actual script instead of being left with only “hidden” fields to work with, even the “easy” NMS version is much more configurable than the http://formmail.dreamhost.cgi version.

I played with several of the options, both in the config section of the script, and by using hidden fields in the HTML form, and everything worked as expected, so I’m pretty sure there is no “trick” to it.

Please don’t be insulted by my “simplistic” suggestions (you probably know this stuff better than I; I’m just trying to “help a brother out” here :wink: ), but since you mentioned you got “Internal Server Errors (500)”, you should check your error logs to see exactly what broke. If that doesn’t give you a clue as to what is wrong, the only things I can think of off of the top of my head to check are all the “usual suspects” kind of things in these kinds of scripts:

  1. Make sure the path to perl is correct in the config section - the default worked fine
  2. Make sure the path to sendmail is correct - the default had to be changed - set $mailprog = ‘/usr/sbin/sendmail -oi -t’;
  3. Make sure you set the $style variable to an appropriate path to a css file or set it =‘0’ if you want to run it without a css file in place.
  4. Make sure you upload in “ASCII” mode - if you ftp the files to your server
  5. Set the .pl program to “755” permissions

If double-checking those things doesn’t give you any love, we’ll have to dig a little deeper, but it does work.

Good luck, and let me know if you get it working or if you need any more help.


As I understand it, spambots have a pretty difficult time trawling for input fields inside FORMS that use the POST method. While individual users can View Source and see the destination email as plain text, automated harvesting is nowhere near as simple as harvesting mailto: links. You’d have to parse every form input tag of every page, just to begin with. So it may not be impossible, but seems fairly impractical when there are so many billions who naively leave their email addresses all over the web.

Using additional methods to completely mask the destination email is surely a good idea, but even implementing a simple form is a fairly significant improvement over mailto: links or including email addresses in the body of a web page.