Here I took the laziest route available, since I just needed a quick
solution for monitoring notifications: I used the email options
provided by one of my shared hosting providers. I have neither the
patience or time to setup and manage SMTP myself (been there, and as
much as I enjoy poking around in Apache I find SMTP uninteresting), so
I'm always happy to let dedicated staff handle that for me, esp. with
today's low prices for hosting.
LC Server runs on just about any shared host, and any CGI that can send
mail is fine.
Since it uses the email account set up with the host for the
domain/subdomain, this does mean that all email is sent from one
apparent sender. But if you set the account up with a meaningful name
that's not necessarily a bad thing (could reflect something related to
sales or whatever department your recipient might expect).
In my case encryption isn't an issue since I'm only sending monitoring
data to the CGI. But if I needed it HTTPS could be used to call the CGI
- free certs become available later this year, cheap certs are available
now, and one could easily encrypt the data client-side before sending
and decrypt on the server with LC's encrypt/decrypt functions.
As for the hash, just use anything that works for you. I use sha1digest
with input being the message concatenated with the date and the IP
address along with a "shared secret" salt, a file containing a long
string on both the client and server. Could be just about anything you
like, but with this simple setup anyone attempting to send spam with it
needs to do the following:
- Build a hash that satisfies what the server will expect, and while
most of it is simple the "shared secret" file is unlikely to be
guessed successfully.
- Know the name of the CGI to call
- Know the name of the subdomain I set up for it (as inconveniently
named as the CGI file)
And in my case I'm the only recipient so it's not like anyone can spam
the world with my setup anyway.
If you wanted to use something like that for sending email to others,
encryption is likely useful (so that if decrypt fails you know it's spam
junk and can just discard it), and even restrict by IP address if that's
a practical option (it is for me since the CGI is only called from a
known number of other systems, all of which have fixed IP addresses).
--
Richard Gaskin
Fourth World Systems
Software Design and Development for the Desktop, Mobile, and the Web
____________________________________________________________________
ambassa...@fourthworld.com http://www.FourthWorld.com
Bob Sneidar wrote:
I'm curious about this. Are you saying you have an SMTP service running?
If so, who do you relay through? I have an issue with customers
frequently, where the contact does not know what their email server is,
who provides it, or even who the IT company is that maintains it.
(Frankly it shocks me to see how many people run businesses with a
complete lack of any technical expertise whatsoever).
What I would like to offer the customer is an easy to set up SMTP server
to act as a relay. The problem then becomes encryption. Sarah's library
does not do any encryption, and all attempts by anyone (including
myself) have failed to get this to work even with the shell.
If you have something that has gotten around this (you mentioned a hash)
I'd be interested in it and would be glad to pay a fair price for it to
use in these situations.
*Bob Sneidar* | IT Technician
Integrated Office Technology | 12150 Mora Drive, Unit 2, Santa Fe
Springs, CA 90670
/
/
I don't know if this will help the OP's situation, but here I have a
number of apps that need to send email notifications, and some of them
are running on systems that have no email server installed. Most of
these are for server monitoring so I'm the only recipient, but maybe
the general idea may be useful:
I set up a CGI on one system that I want the emails to be sent from
(which happens to also be written in LC, but it could be Perl, PHP,
Python, bash, etc.) which accepts a recipient address, subject, and
body, along with an obscure hash used for authentication, and puts
those together to send the email from there.
The CGI itself is named very obscurely (e.g. something like
"gfdRRth88ewLYKss.cgi"), so it's unlikely to be guessed by any
spiders. And even if it were, anyone attempting to use the CGI for
spamming would also need to figure out the hash inputs, and there are
enough zombied Win installs that there are easier ways to hijack
machines; this one just isn't worth the effort :)
Not bullet-proof (nothing is), but reasonably secure and super-easy to
use. Now I have a single location for notifications that I can use
from any client or server process that needs to send email, without
even needing to have an email server installed. Sending notifications
is a one-liner anywhere I need 'em.
_______________________________________________
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
