Cannot form correctly the FORM part of the header when sending mail

[Ferrous Cranus]

Hello,
i have written the following snipper of code to help me send mail:


=================================================================================================================
# if html form is submitted then send user mail
#================================================================================================================
if( mailform ):

try:
if (FROM is None) or (MESSAGE is None) or ('@' not in FROM) or
('ΓÏάψε μου εδώ' in MESSAGE):
print( "<h2><font color=red>ΣυμπλήÏωσε σωστά το mail σου
και δώσε το σχολιασμό σου!</font></h2>" )
else:
# prepare mail data
TO = "(e-mail address removed)"

SUBJECT = u"Mail από τον επισκέπτη: ( %s )" % FROM

MESSAGE = "From: %s\r\n" + "To: %s\r\n" + "Subject: %s\r\n"
+ MESSAGE + "\r\n"
MESSAGE = MESSAGE % ( FROM, TO, SUBJECT )
MESSAGE = MESSAGE.encode('utf-8')

# open Gmail's SMTP server
server = smtplib.SMTP('smtp.gmail.com:587')
server.ehlo()
server.starttls()

# next, log in to the server
server.login("(e-mail address removed)", "rmrcdherpbsfggcw")

# send the mail
server.sendmail( FROM, [TO], MESSAGE )

print( "<h2><font color=blue>ΕυχαÏιστώ Ï€Î¿Î»Ï Î³Î¹Î± το
ενδιαφέÏον! Θα επικοινωνήσω μαζί σου άμεσα </font></h2>" )
except Exception as e:
print( repr(e), file=open( '/tmp/err.out', 'a' ) )

sys.exit(0)
=======================================================================


It works as expected, but the the problem is that it display the FROM
part as being send from ,my personal GMail account when it supposed to
be shown the format variable field that was passed by index.html to the
mail.py script.

Si there a workaround for that please?

 

[feedthetroll]

Am Dienstag, 3. September 2013 09:48:13 UTC+2 schrieb Ferrous Cranus:

Hello,
i have written the following snipper of code to help me send mail:
...
server.login("(e-mail address removed)", "......")

HE DID IT AGAIN! The login works with the posted password!
Nikos, you should change your password IMMEDIATELY!

 

[Ferrous Cranus]

Στις 3/9/2013 12:33 μμ, ο/η (e-mail address removed) έγÏαψε:

Am Dienstag, 3. September 2013 09:48:13 UTC+2 schrieb Ferrous Cranus:
HE DID IT AGAIN! The login works with the posted password!
Nikos, you should change your password IMMEDIATELY!

...
OMG!

I cannot believe i'm being *that* careless, so many times.

 

[Piet van Oostrum]

Hello,
i have written the following snipper of code to help me send mail:

[snip]

# prepare mail data
TO = "(e-mail address removed)"

SUBJECT = u"Mail από τον επισκέπτη: ( %s )" % FROM

MESSAGE = "From: %s\r\n" + "To: %s\r\n" + "Subject: %s\r\n"
+ MESSAGE + "\r\n"
MESSAGE = MESSAGE % ( FROM, TO, SUBJECT )
MESSAGE = MESSAGE.encode('utf-8')

First a couple of remarks:
1. You should add an empty line between the headers and the message (I
suppose the message does not start with an empty line).
2. It is better to do the % substitution only on the headers, not
including the message, just in case the message contains a % sign.
That makes it:
MESSAGE = "From: %s\r\n" + "To: %s\r\n" + "Subject: %s\r\n\r\n" %
( FROM, TO, SUBJECT ) + MESSAGE + "\r\n"
MESSAGE = MESSAGE.encode('utf-8')
3. It is bad coding style in Python to use all-caps variables. Better
use message instead of MESSAGE etc.

[snip]

It works as expected, but the the problem is that it display the FROM
part as being send from ,my personal GMail account when it supposed to
be shown the format variable field that was passed by index.html to the
mail.py script.

Where does it display that?
Do you happen to read that mail in a Microsoft program?
If yes, then it is the fault of that program. Read the mail in some
other program and you will probably see that the proper From address is
there.

The problem is that Gmail inserts a "Sender" header with your account
(email address) and certain Microsoft programs use that to display as
the From address instead of the real From address. It's against the
rules, but then, Microsoft makes its own rules and who is going to stop
them?

And maybe there are other mail programs that do the same. AFAIK there is
no way to get rid of that Sender line.

 

[Ferrous Cranus]

Τη ΤετάÏτη, 4 ΣεπτεμβÏίου 2013 5:14:31 Ï€.μ. UTC+3, ο χÏήστης Piet van Oostrum έγÏαψε:

Where does it display that?
Do you happen to read that mail in a Microsoft program?

yes. Thunderbird.

If yes, then it is the fault of that program. Read the mail in some
other program and you will probably see that the proper From address is
there.

i used retrieval of 'nikosatsuperhost.gr' within GMail's service.

Same way of dispalyment there too.

The problem is that Gmail inserts a "Sender" header with your account
(email address) and certain Microsoft programs use that to display as
the From address instead of the real From address.

I think it's logical to act that way.

The real 'FROM' address that GMail uses to send mail from my 'mail.py' to some recipient is my real GMail's account address, and not the FROM address that any arbitrary poster posts in a html webform hwich can be totally fake, i.e. (e-mail address removed)

I believe any kind of mail client will be have this way.
We need some way to dicth the Sender FROM string or alter it to the one uses in the webform.

 

[Dave Angel]

Ôç ÔåôÜñôç, 4 Óåðôåìâñßïõ 2013 5:14:31 ð.ì. UTC+3, ï ÷ñÞóôçò Piet van Oostrum Ýãñáøå:


yes. Thunderbird.

When did Microsoft take over Thunderbird's development????

In any case, Thunderbird has te ability to display the actual message
received. See menu:
View->MessageSource

 

[Ferrous Cranus]

Στις 4/9/2013 2:15 μμ, ο/η Dave Angel έγÏαψε:

When did Microsoft take over Thunderbird's development????

In any case, Thunderbird has te ability to display the actual message
received. See menu:
View->MessageSource

I meant i'm using ThunderBird and not Outlook Express.

I doesn't matter what the mail headers say but the actual presentation
of the email which state always that it was sent by my personal GMail
address and not from the mail address that was posted int he webform

 

[Heiko Wundram]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Am 03.09.2013 09:48, schrieb Ferrous Cranus:

Si there a workaround for that please?

Yes, use/setup your own mailserver. Google will not allow you to send
as ("i.e., From:") an arbitrary address besides the one you've
authenticated as.

- --
- --- Heiko.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.20 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJSJyUuAAoJEDMqpHf921/SksoIAJyFyYDN9zj/SypXERj+W1wK
fRuby0EyfWWMQayJ7SlbiSUzK3OF1ZVxO5s3WqGdXWI2WhXrrZbltuMyHedlBcqy
Dl9F1MtpItg01weICAYJCNcTNm649PCAuc47zbGahE7tDeJwU9xNlgEgXfnpx+eX
RvtyYAJlYnz5MTfftYZS9AxxEbaA+k5TNHcVE+5m3YX3Uno6rW+T19H4z4wC374K
MHxN4jS+z/qaZ+fDIkK6Uq8aRC5PA9pI37iTD5dJFikKugcp/9AqssnsEUkhMAGV
dcGPJnI1tiGrSLY6Q8q31DpkAlO79ETA4ag0yGvnjtmR/ZZjENlb2Ikls7JOA9Y=
=JDjl
-----END PGP SIGNATURE-----

 

[Dave Angel]

Óôéò 4/9/2013 2:15 ìì, ï/ç Dave Angel Ýãñáøå:

I meant i'm using ThunderBird and not Outlook Express.

I doesn't matter what the mail headers say but the actual presentation
of the email which state always that it was sent by my personal GMail
address and not from the mail address that was posted int he webform

One way to distinguish a bug in the python logic and in gmail, from a
bug in the mail reader is to examine the message source. Others may be
able to guess what it looks like, but I cannot.

 

[Ferrous Cranus]

Στις 4/9/2013 3:18 μμ, ο/η Heiko Wundram έγÏαψε:

Am 03.09.2013 09:48, schrieb Ferrous Cranus:
Yes, use/setup your own mailserver. Google will not allow you to send
as ("i.e., From:") an arbitrary address besides the one you've
authenticated as.

Hello Heiko,

You mean to ditch Google's SMTP server and use 'mail.superhost.gr' ?

Are you sure the same thing wont happen there too?

 

[Piet van Oostrum]

Am 03.09.2013 09:48, schrieb Ferrous Cranus:

Yes, use/setup your own mailserver. Google will not allow you to send
as ("i.e., From:") an arbitrary address besides the one you've
authenticated as.

Actually, it does allow you. Only it adds the "Sender" header with your
email address.

The Sender field is to be used when the message is sent by another
person than the author of the message. For example when (e-mail address removed)
writes an email, but the actual sending of the email is done by his
secretary (e-mail address removed), the following headers should be present.

From: (e-mail address removed) Sender: (e-mail address removed)

The mail agent should display John as the originator of the email, and
replies should go to him, unless the user chooses differently. However,
when there is an error in the transmission, error messages should go to
Charles.

At least that is what the RFC's say. And I think that is the logical way
to do it. Now some Microsoft mail programs will send replies to Charles,
which is incorrect.

 

[Piet van Oostrum]

I this hoq you mean? [...]

SUBJECT = u"Mail από τον επισκέπτη: ( %s )" % FROM

MESSAGE = "\nFrom: %s\r\n" + "To: %s\r\n" + "Subject: %s\r\n\r\n" % ( FROM, [TO], SUBJECT ) + MESSAGE + "\r\n"
MESSAGE = MESSAGE.encode('utf-8') [...]
but now iam getting this error message:

sendmail => %s 13-09-04 12:29:22 (<class 'TypeError'>, TypeError('not all arguments converted during string formatting',), <traceback object at 0x7f0e432e1cb0>)

That is because you changed TO in [TO]. That causes the error.

** And the \n at the beginning shouldn't be there. **

MESSAGE = "From: %s\r\n" + "To: %s\r\n" + "Subject: %s\r\n\r\n" % ( FROM, TO, SUBJECT ) + MESSAGE + "\r\n"

You could even change that to:

MESSAGE = "From: %s\r\n" + "To: %s\r\n" + "Subject: %s\r\n\r\n%s\r\n" % (FROM, TO, SUBJECT, MESSAGE)

which I think is nicer.

 

[Piet van Oostrum]

I think it's logical to act that way.

I think it is not, see my other post on this subject.

The real 'FROM' address that GMail uses to send mail from my 'mail.py'
to some recipient is my real GMail's account address, and not the FROM
address that any arbitrary poster posts in a html webform hwich can be
totally fake, i.e. (e-mail address removed)

No, it's not, as I explained. Gmail uses the From address that you
specified, but added the Sender header with your Gmail account in it.
Now your email agent usesdisplays the Sender address as the From, which
is misleading.

I believe any kind of mail client will be have this way.

No, my mail client doesn'tdo that.

We need some way to dicth the Sender FROM string or alter it to the
one uses in the webform.

You cannot ditch the Send from the sent email, as this is something
Gmail automatically provides. Maybe as some kind of spam detector, which
is reasonable. Actually providing the Sender in situations like this is
what the RFC requires, so Gmail is totally, completely correct in doing
this. The problem is completely on the receiving side, but Dave has told
you how to solve it.

 

[Ferrous Cranus]

Python help.

I use the following code in a cgi file
to give the client a download link to
download a file.

---

print "%s" % ('<a href = "Setup.zip"> Down
Load </a>')

----

A click on "Down Load" opens a pop up browser
window which allows the user to choose where
to download the "Setup.zip" file, then after
the download, the pop up window closes.

My problem is that I want the cgi form, which
contains the link, to also close after the
download. The only way I can figure out to
close the cgi window is to give the user a
button to close it.

Without closing it, the client can download
again and forever if they choose to because
the cgi window is open and the link is still
active.

I am trying to find a way to close the cgi
file or call another file after the download
without adding a close button and asking the
client to close the window.

jd

 

[Piet van Oostrum]

Στις 4/9/2013 3:18 μμ, ο/η Heiko Wundram έγÏαψε:

Hello Heiko,

You mean to ditch Google's SMTP server and use 'mail.superhost.gr' ?

Are you sure the same thing wont happen there too?

Just try it. In your email program, let it show all headers. Or if you don't trust that, just let the mail be sent to me. I can see exactly how it is.

 

[inq1ltd]

Python help.

I use the following code in a cgi file
to give the client a download link to
download a file.

---

print "%s" % ('<a href = "Setup.zip"> Down
Load </a>')

----

A click on "Down Load" opens a pop up browser
window which allows the user to choose where
to download the "Setup.zip" file, then after
the download, the pop up window closes.

My problem is that I want the cgi form, which
contains the link, to also close after the
download. The only way I can figure out to
close the cgi window is to give the user a
button to close it.

Without closing it, the client can download
again and forever if they choose to because
the cgi window is open and the link is still
active.

I am trying to find a way to close the cgi
file or call another file after the download
without adding a close button and asking the
client to close the window.

jd

 

[Joel Goldstick]

This same message comes up under one of Niko's many aliases. Is this
another? Why post twice?

 

[random832]

Without closing it, the client can download
again and forever if they choose to because
the cgi window is open and the link is still
active.

Why is this a problem? They usually won't want to, and if they do want
to (for example if they accidentally canceled the download) I don't see
why not to let them.

The solution should be to give them a unique download link that will
only work once (or only for a certain period of time), not to close the
window.

 

[Benjamin Kaplan]

Python help.

I use the following code in a cgi file
to give the client a download link to
download a file.

---

print "%s" % ('<a href = "Setup.zip"> Down
Load </a>')

----

A click on "Down Load" opens a pop up browser
window which allows the user to choose where
to download the "Setup.zip" file, then after
the download, the pop up window closes.

My problem is that I want the cgi form, which
contains the link, to also close after the
download. The only way I can figure out to
close the cgi window is to give the user a
button to close it.

Without closing it, the client can download
again and forever if they choose to because
the cgi window is open and the link is still
active.

I am trying to find a way to close the cgi
file or call another file after the download
without adding a close button and asking the
client to close the window.

jd

There is no such thing as a "cgi form" or "cgi window". Your cgi script
runs when the user requests a Web page, generates a page, and then ends. At
that point, python has stopped running. If your want the client's browser
window to close, that's not a python problem. If you want to invalidate the
download link after one successful download, you'll have to add a unique
identifier to the url and keep track of which identifiers are still valid.

 

[Piet van Oostrum]

I this hoq you mean? [...]

SUBJECT = u"Mail από τον επισκέπτη: ( %s )" % FROM

MESSAGE = "\nFrom: %s\r\n" + "To: %s\r\n" + "Subject: %s\r\n\r\n" % ( FROM, [TO], SUBJECT ) + MESSAGE + "\r\n"
MESSAGE = MESSAGE.encode('utf-8') [...]
but now iam getting this error message:

sendmail => %s 13-09-04 12:29:22 (<class 'TypeError'>, TypeError('not all arguments converted during string formatting',), <traceback object at 0x7f0e432e1cb0>)

That is because you changed TO in [TO]. That causes the error.

** And the \n at the beginning shouldn't be there. **

MESSAGE = "From: %s\r\n" + "To: %s\r\n" + "Subject: %s\r\n\r\n" % ( FROM, TO, SUBJECT ) + MESSAGE + "\r\n"

You could even change that to:

MESSAGE = "From: %s\r\n" + "To: %s\r\n" + "Subject: %s\r\n\r\n%s\r\n" % (FROM, TO, SUBJECT, MESSAGE)

There was another error in that line:

The string at the left of the % should be in parentheses, or be a single
string:

MESSAGE = ("From: %s\r\n" + "To: %s\r\n" + "Subject: %s\r\n\r\n%s\r\n") % ( FROM, TO, SUBJECT, MESSAGE)

or

MESSAGE = "From: %s\r\nTo: %s\r\nSubject: %s\r\n\r\n%s\r\n" % ( FROM, TO, SUBJECT, MESSAGE)

or even

MESSAGE = "From: %s\r\n" "To: %s\r\n" "Subject: %s\r\n\r\n%s\r\n" % ( FROM, TO, SUBJECT, MESSAGE)

Another note:

I did some expriments with Gmail and it seems that it also changes the
From header if the address given is not one that you registerd with your
gmail account. So it is even worse than I thought. (In practice I didn't
notice this because I have all the email addresses I use registered.)