Secure contact forms with mail.fcgi

mail.fcgi is a simple web-based mailer application. It is generally used to implement "Contact us" forms similar to ours. It stores actual e-mail addresses in an internal database. This avoids the need to enter e-mail addresses in your HTML source for spammers to see. mail.fcgi also allows you to pass arbitrary information fields simply by creating the desired forms in your HTML source.

Security and privacy

As long as the destination e-mail address is hosted on one of our servers, the message will be delivered to it securely (without travelling over potentially unsecured networks). If SSL service is enabled for your account, we recommend calling mail.fcgi over https://, so that the message is sent securely from the client all the way to the destination.

Installing mail.fcgi

From your shell, install the application like so:

  $ cp -R /var/www/mail.fcgi ~/www/my-mailer

The HTML source files are the *.htm files in the html/ subdirectory, and the main templates are the *.m4 files in the html/m4/ directory. Do not edit the *.html.* files (they are generated automatically for various languages and character encodings). If you are familiar with XSLT, you can add stylesheets in html/xsl/ as well. Feel free to modify these files using your favorite text editor, but make sure to run make when you're done (as the final HTML will run through m4(1) and xsltproc(1)).

  $ cd html
  $ $EDITOR *.htm
  $ make

To insert new information fields (whose contents will be appended to the e-mail), simply create an HTML form and give it some name starting with "f_". For example, if you wanted to add an "Order number" field, you would insert something like the following in default.htm:

  Order number: <input type=text name="f_OrderNo">

You can use the same method to insert new "X-Foo" fields in the mail headers. This can be convenient if the recipient address is using automatic e-mail classification:

  Send to department:
  <select name="x_Department">
    <option value="Technical Department">
    <option value="Billing Department">
    <option value="Department of Apocalyptic Affairs">
  </select>

Configuring the recipients

In order for mail.fcgi to deliver mail to its allowed destination(s), the recipient list must be edited precisely. Open up etc/recipients in a text editor.

  #
  # Format:
  # (key):(language):(email-address):(description)
  #
  sales-en:en:sales@my-domain:Sales department
  sales-fr:fr:sales@my-domain:Département des ventes
  tech-en:en:tech@my-domain:Technical department
  tech-fr:fr:tech@my-domain:Département technique

The fields are as follows:

A key used by mail.fcgi to describe a recipient. You can use a word of your choice.
A two-letter language code. You can enter alternate entries for a same key, with different languages.
Actual e-mail address of the recipient.
Some description displayed by mail.fcgi (when it is invoked without arguments).

You can insert international characters, just make sure that your text editor is in UTF-8 mode.