New Features

Version 2.12

Introduced CookMail Lite for easier installation and better portability.

Version 2.11

Better error messages in case of error.

Version 2.1

MIME support.
Carbon copy email to viewer.

Version 2.0

Nothing new. This is a nearly complete re-write of CookMail to port it to Windows NT. It should behave the same as version 1.61.

Version 1.6

Added manual concatenation of strings of the same field across the form. For more information, check out the example feedback form.

Version 1.5

Add handling options for empty input fields.
Multiple selection strings are now configurable.
Improved handling for multiple selections

Version 1.0

The first version of CookMail

Bug Fixes

Version 2.14c
1. Stronger file type checks. The following suffixes are now forbidden, case-insensitive:
  jsp exe bat asp pl php cgi
2. Stronger file format checks. Now SHOW and FORM format files must contain one of the following tags, case-sensitive:
  <HTML> <html> ${EMAIL} </HTML> </html> ${SUBJECT} ${NAME}
Version 2.14/2.14b
1. It was still possible for outsiders to read files in /etc/ directory. -Submitted by Martin Bene mb@sime.com
Version 2.13d
1. In the no HTTP/1.0 header verion, the header still appears in user formatted files. -Submitted by Zoila Cerrada zoilac@eccs.com
Version 2.13c
1. Made four versions of CookMail for NT on intel, two versions (regular and lite) that send HTTP/1.0 200 OK and two version that don't. This should fix the problem that CookMail runs fine on one server but not on the other. The main cause of the problem is that IIS required this header which is not in the CGI specification. Don't you just hate Microsoft?
Version 2.13b
1. Change back BLAT.EXE to the one used in CookMail 2.12.
2. Renamed BLAT.EXE to COOKBLAT.EXE so that other scripts which also use BLAT may run properly.
3. Changed the way of using COOKBLAT.EXE. This should remove the problem of ^? at end of email.
4. Cleaner code than 2.13. Should be compiled with any standard ANSI C compiler.
Version 2.13
1. Fixed a bug using CCFORM.
2. Fixed a MIME encoding bug, although this bug did not produce any difference on output.
3. Cleaned up the source code. There should be no if any annoying warning messages during compilation.
4. AIX's CC compiler has trouble to compile CookMail's C code. Use gcc instead. If you don't have gcc, please download the binaries.
Version 2.12
1. I spelled "below" as "bellow" :( -Submitted by Brian Youngstrom briany@icarus.weber.edu
Version 1.61
1. Previous verions of CookMail allow server side include and server side execute texts in input fields. This version fixes this problem.
Version 1.52
1. The "TO" field in version 1.5 did not accept any email addresses containing "-" or "_" characters. -Submitted by os@sime.com
Version 1.5
1. Improved some security in TO address.

Potential Problems and Their Fixes

Regular versions of CookMail use "Location:" instead of "Content-type:" to display its output. Although this method gives CookMail some powerful features, such as running CGI scripts in the output, it also leaves a temperary file in the /tmp directory everytime cookmail runs. There should be a cron job periodically removing these temperary files (/tmp/owebm* on Unix and c:\temp\oweb*.* on Windows) if there hasn't been a similar one. Using CookMail Lite can avoid this trouble.
Security in CookMail
Previous versions of CookMail (before 2.14) have some flaws in security that allows hackers to download files that are readable by world. One of such files is /etc/passwd. Although this file does not actually contains any password information on most systems (even if it does, they are encrypted.), it does provide a list of usernames for hackers who attempt to break them. Malacious hackers could also execute some commands as the uid of HTTPD (never ever run HTTPD as root). If you downloaded CookMail before 10/8/2001, please download it again. BTW, don't just look at CookMail alone. There may be tons of CGI programs on your web sites having the similar problem. I have been actively trying to fix all the potential security bugs founded.
Additional minor bugs/warnings/problems are stated in cookmail.c.
Be warned:
Install and use CookMail at your own risk!

Registration & Copyright

CookMail is a freeware. You are encouraged to use and distribute it to anyone freely. Modifications of this software are allowed on the base that these modifications are not distributed. There is no registration required for this program, but I strongly suggest that you subscribe to the cookmail-l list (see below) for the lastest release/bug fix.

Your email address:

If you like using CookMail, please send me a postcard. :)

	Heng Yuan
	2333 E. Eastland
	Tucson, AZ  85719
	U.S.A.