SMTP server without authentication?

Dave96

Perch
Hi,

I'm a running a script that has to send emails for validation after signup. Unfortunetaly, there is not option to authenticate the SMTP server and I cannot use sendmail because I'm on Windows.

Is there anyway of not using authentication for a given SMTP server or any other way not requiring authentication?

Thanks
 
set the mail server to localhost, or use CDONTS,

CDOSYS is better as there was an issue with CDONTS that can trunck urls etc.
 
I tried localhost, works perfectly. I usually try that option but totally forgot this time. Thanks Emagine.
 
Hello Friends :) ,

Is there any concept of SMTP proxy server?
if yes , what is the roll of it.
and how can we find such servers in the internet.

regards
sudarshana ?(
 
Hello Friends :) ,

I want to send mail using one anonymus SMTP server and i dont wat authentication, so is there any solution for this?
regards
sudarshana ?(
 
I can't see that anyone can povide an anonymous smtp server that isn't on every black list going, the whole idea of it just screams SPAM!
 
On Jodohost servers, CDOSYS and CDONTS must both use a valid email address on the domain in the "from" variable. This effectively authenticates the source of the message...

*Note* The "reply-to" variable allows for appropriate response mail when messages are sent from a form...
 
Here is a web based email script if anyone needs it. It performs basic validation and smtp authentication. I have not tested it with AOL yet but it works perfectly otherwise. I have changed the script per skypanthers comments below. This is just an example that runs "Out of the box".

sample.gif



<%@ Language=VBScript %>
<%
dim site_url,referer
dim validPost
dim vName,vEmail
dim sName,sEmail,sSubject,sMessage
dim validReferer
dim errText
dim iMsg,iConf,Flds,MailServer,UserEmail,UserPass

'get data from form
sName = Trim(Request.Form("Name"))
sEmail = Trim(Request.Form("Email"))
sSubject = Trim(Request.Form("Subject"))
sMessage = Trim(Request.Form("Message"))

'basic email validation
function isValidEmail(byval sEmail)
' very simple email validation function.
returnVal = false
if not isEmpty(sEmail) then
if instr(sEmail, "@") > 0 and instr(sEmail, ".") > 0 then
returnVal = true
end if
end if
isValidEmail = returnVal
end function

' validate required fields
if sName = "" then vName=false else vName=true end if
if not isValidEmail(sEmail) then vEmail=false else vEmail=true end if

validPost = (vName and vEmail)

' if form has not yet been submitted, set initial form state
if Trim(Request.Form("isSubmitted")) = "" then
vName=true
vEmail=true
vSubject=true
vMessage=true
end if

if validPost then ' all fields are valid


':::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
'SCRIPT CONFIGURATION
':::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
'
site_url = "yourdomain.com" 'DOMAIN where this form will reside ! DO NOT INCLUDE http://www.
page_url = "yourform.asp" 'PAGE URL (Example: form.asp)
MailServer = "mail.yourdomain.com" 'SMTP MAIL SERVER
UserEmail = "[email protected]" 'EMAIL ADDRESS for the form results (recipient)
UserPass = "password" 'PASSWORD for the POP/SMTP UserEmail account
'
':::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
'END CONFIGURATION
':::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::


'check HTTP_REFERER
referer = Request.ServerVariables("HTTP_REFERER")

' not validReferer
if InStr(1,referer,site_url,0) = 0 then
validReferer = false
errText = "<div align='center' class='errText'><b>E R R O R !</b></div><br><div class='18'>As a security measure, this form will not work when accessed from outside of the &quot;" & site_url & "&quot; domain. If you feel you have reached this page in error, please <a href='http://www." & site_url & "/'>click here</a> to try again.</div>"
else

' validReferer
validReferer = true
'SEND EMAIL using CDOSYS mail object Windows 2000+

set iMsg = Server.CreateObject("CDO.Message")
set iConf = Server.CreateObject ("CDO.Configuration")

'set and update fields properties
Set Flds = iConf.Fields

'SMTP server
Flds("http://schemas.microsoft.com/cdo/configuration/smtpserver") = MailServer
'SMTP port
Flds("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25
'CDO Port
Flds("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
'timeout
Flds("http://schemas.microsoft.com/cdo/configuration/smtpconnectiontimeout") = 60
'outgoing authentication
Flds("http://schemas.microsoft.com/cdo/configuration/smtpauthenticate") = 1 'basic (clear-text) authentication
Flds("http://schemas.microsoft.com/cdo/configuration/smtpusessl") = False 'Use SSL for the connection (True or False)
Flds("http://schemas.microsoft.com/cdo/configuration/sendusername") = UserEmail
Flds("http://schemas.microsoft.com/cdo/configuration/sendpassword") = UserPass

Flds.Update

Set iMsg.Configuration = iConf

iMsg.From = sName & " <" & sEmail & ">"
iMsg.Subject = sSubject
iMsg.To = UserEmail
'iMsg.HTMLBody = ""
iMsg.TextBody = "" & vbCrLf _
& "The following was submitted on " & FormatDateTime(Now(),1) & ":" & vbCrLf _
& vbCrLf _
& "Name: " & sName & vbCrLf _
& "Email: " & sEmail & vbCrLf _
& vbCrLf _
& "Message: " & vbCrLf _
& "------------------" & vbCrLf _
& sMessage & vbCrLf _
& vbCrLf _
& vbCrLf _

'' send the mail
on error goto 0
iMsg.Send

'close resources
Set iMsg = Nothing
Set iConf = Nothing
Set Flds = Nothing

end if ' end HTTP_REFERER check

else ' validPost
' re-display the form with values pre-filled
' and problem fields highlighted
end if ' validPost


%>

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Sample Form to Validate and Authenticate SMTP Email</title>
<style type="text/css">
<!--
.style1 {font-size: 12px;font-weight: bold;font-family: Verdana, Arial, Helvetica, sans-serif;}
.style2 {font-size: 10px;font-family: Verdana, Arial, Helvetica, sans-serif;}
.style3 {color: #FFFFFF;font: bold;font-size: 16px;font-family: Verdana, Arial, Helvetica, sans-serif;}
td, input {font-size: 12px;font-family: Verdana, Arial, Helvetica, sans-serif;font-weight: normal;}
.error {color:#FFFF66;}
.errorItem {font-family: Tahoma, Arial;background-color: #CCCC99;font-size: 13px;}
.style4 {font-size: 18px;color: #996600;}
.style5 {color: #990000}
.style6 {color: #996600;font: bold;font-size: 14px;}
.style13 {color: #996600; font-size: 14px; }
.style17 {color: #FFFFFF; font: bold; font-size: 12px; font-family: Verdana, Arial, Helvetica, sans-serif; }
.style18 {color: #333333;text-decoration: none;}
.style14 {color: #996600;height: 2px;background-color: #996600;}
.errText {color:#990000; font-size: 16px; font-family: Verdana, Arial, Helvetica, sans-serif;}
-->
</style>
</head>

<body>


<form id="contactform" name="contactform" method="post" action="<%Response.Write request.ServerVariables("SCRIPT_NAME")%>">
<table width=100% align="center">

<tr><td align="center">
<table width="650" border="0" cellpadding="4" cellspacing="2" bgcolor="#000000">
<tr>
<td colspan="4" align="center" bgcolor="#996600" class="style1"><span class="style3">Sample Form to Email Using CDOSYS</span></td>
</tr>
<tr>
<td colspan="4" bgcolor="#666666" class="style1"><div align="center"><span class="style17">with SMTP Authentication</span></div></td>
</tr>
<tr>
<td colspan="4" align="center" bgcolor="#CCCCCC" class="style1">

<% If validPost and validReferer Then ' display success message %>
<span class="style4"><br>Success!</span><br>
<a href="<%Response.Write request.ServerVariables("SCRIPT_NAME")%>" class="style2 style18">[
back to sample form]</a><br><br>

<% ElseIf validPost and validReferer=false Then %>
<span class="style4"><br>Email Not Sent!</span><br><br>
<table align="center" width="80%"><tr><td><%= errText %></td></tr></table><br><br>
<% 'End If 'not validReferer %>

<% Else %>
<% if Trim(Request.Form("isSubmitted")) = "yes" then 'is submiited? %>
<br><br><strong><span class="style5">E R R O R ! </span>:</strong> &nbsp;&nbsp;<span class="style18">The shaded fields below are required:</span><br><br>

<% Else %>
<br>
Includes some basic validation and a site referrer check. <br>
<br>
<% End If ' is submitted? %>
<% End If 'validPost %>

</td>
</tr>
<tr>
<td width="28%" align="right" bgcolor="#FFFFFF"><span class="style13"><strong>Name:</strong></span></td>
<td width="72%" colspan="3" bgcolor="#FFFFFF"><input name="Name" type="text" value="<%Response.Write request.form("Name")%>" size="30"<%if not vName then%> class="errorItem"<% End If %>></td>
</tr>
<tr>
<td align="right" bgcolor="#FFFFFF"><span class="style13"><strong>Email:</strong></span></td>
<td colspan="3" bgcolor="#FFFFFF"><input name="Email" type="text" value="<%Response.Write request.form("Email")%>" size="30" maxlength="50"<%if not vEmail then%> class="errorItem"<% End If %>></td>
</tr>

<tr>
<td align="right" bgcolor="#FFFFFF"><span class="style13"><strong>Subject:</strong></span></td>
<td colspan="3" bgcolor="#FFFFFF"><input name="Subject" type="text" value="<%Response.Write request.form("Subject")%>" size="60"></td>
</tr>

<tr>
<td align="right" valign="top" bgcolor="#FFFFFF"><span class="style13"><strong>Message:</strong></span></td>
<td colspan="3" bgcolor="#FFFFFF"><textarea name="Message" cols="45" rows="10"><%Response.Write request.form("Message")%></textarea></td>
</tr>

<tr>
<td align="right" bgcolor="#666666" class="style1">&nbsp;</td>
<td colspan="3" bgcolor="#666666" class="style1">
<input type="hidden" name="isSubmitted" value="yes">
<input type="SUBMIT" name="Submit" value="Send Email Message" />&nbsp;</td>
</tr>
<tr>
<td colspan="4" bgcolor="#FFFFFF" class="style18">
</td>
</tr>
</table>
</td></tr></table>
</form>

</body>
</html>
 
Get data from form
sfromName = Trim(Request.Form("fromName"))
sfromEmail = Trim(Request.Form("fromEmail"))
...

Might I suggest you don't use this script. It provides ample opportunity for anyone to send mail anywhere via your script and Jodo's servers. I could create a form on my local PC with the action set to yourserver.com/yourmailerscript.asp and pass whatever data I want. There are reports of "botnets" scanning the web for such unsecured mailers, too.

Things like the to address, smpt server, smtp auth username and password, and so forth should be coded server-side to prevent such stuffing. Also, there should be some sort of referrer check to make sure the mailer script is being called from a form on your site and not off-site as I described.

Tim
 
Tim,

What do you suggest?
we have a client currently having to migrate from AspEmail....casuae it does not authenticate ( on the free version)

If you wanna PM, please, feel free.

Thanks everyone.
 
I'm not sure what to recommend on the ASP side for a pre-built mailer. I built one for PHP but it's limited in that you can't include custom form fields. (http://skypanther.com/spmailer.php)

If you're going to do you own scripting (starting with the above code for example), you could do the following:

* Check the referrer so that the form can be called only from a page on your web site
* Check for and/or strip out extra HTML header information in any fields that can be provided by users.
* Check the validity of any user-supplied data (email addresses are valid, no header or SQL code included, etc.)

See http://www.nyphp.org/phundamentals/email_header_injection.php for more info on header injection.

Tim
 
Back
Top