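#!/usr/bin/perl -wT
######
# logmail: Attempt to log when someone reads the email you send
# Author: Jimmy Scott
# Nick: Sick`
# Mail: jimmy *at* inet-solutions.be
# Address: Jimmy Scott
#          Goordijk 66
#          2930 BRASSCHAAT
#          BELGIUM
# source: http://pub.devbox.be
###
#
# Proof of concept:
#
# Point the script to an image, make the logfile writable by apache,
# you can set the uappnd flag for security reasons.
#
# Make a link to the URL(!) in your HTML email source,
# DO NOT ADD IT INLINE !!!
# telnet test could be like this:
#
# helo example.com
# mail from: noreply@example.com
# rcpt to: roreply@example.com
# data
# Content-type: text/html
#
#
#
#
#
#
# .
#
###
#
# Copyright (C) 2004 Jimmy Scott
#
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
#
# 1. Redistributions of source code must retain the above copyright notice,
#    this list of conditions and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# 3. The names of the authors may not be used to endorse or promote products
#    derived from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS "AS IS" AND ANY
# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS BE
# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
# THE POSSIBILITY OF SUCH DAMAGE.
#
######

package main;

use strict;
use CGI 'param';

my $filename = "readfile.gif";  # filename of the image
my $filetype = "image/gif";     # image HTTP header
my $logfile  = "openlog.txt";   # logfile writable by the webserver user

# NOTE(review): both paths are relative, so they resolve against the CGI
# working directory. If that directory is served by the web server the log
# may be downloadable by anyone -- confirm, or use an absolute path outside
# the document root.

my $max_message_len = 100;      # cap on the 'messg' query parameter
my $max_header_len  = 256;      # cap on each logged request-header value

# Reduce one request-supplied value to something safe to append to the log.
#
#   $value - raw value (may be undef)
#   $limit - maximum number of characters kept
#
# Returns "n/a" when the value is false (undef, empty, or "0"), otherwise the
# value truncated to $limit with every character outside the allowlist
# removed. Newlines and control characters are not in the allowlist, so a
# value cannot start a forged log record or span several lines.
#
# The allowlist still permits <, >, quotes and &: anything that displays the
# log as HTML has to escape it first.
sub clean_field {
    my ($value, $limit) = @_;

    return "n/a" unless $value;

    $value = substr $value, 0, $limit;
    $value =~ s/[^a-zA-Z0-9{}()<>~:;!@#%&^_='"`,\-\+\\\/\*\.\?\[\]\|\$\ ]//g;

    return $value;
}

# --- Step 1: append one record to the log ---------------------------------
#
# Three-argument open with a lexical handle keeps the mode separate from the
# path, so the path can never be parsed as a mode or a pipe.
if (open my $log_fh, '>>', $logfile) {
    # REMOTE_ADDR is set by the web server. X-Forwarded-For and User-Agent
    # are request headers chosen by the client: treat them as untrusted,
    # spoofable text and filter them exactly like the message.
    my $rhost = clean_field($ENV{'REMOTE_ADDR'},          $max_header_len);
    my $fhost = clean_field($ENV{'HTTP_X_FORWARDED_FOR'}, $max_header_len);
    my $usrag = clean_field($ENV{'HTTP_USER_AGENT'},      $max_header_len);

    # scalar() stops a repeated 'messg' parameter from expanding into
    # several arguments.
    my $messg = clean_field(scalar param('messg'), $max_message_len);

    # Build the record first and emit it with a single print so a record is
    # less likely to interleave with one written by a concurrent request.
    my $record = join '',
        ">>\n",
        " Date = ", scalar(localtime), "\n",
        " Address = $rhost\n",
        " Fowarded for = $fhost\n",
        " User agent = $usrag\n",
        " Message = $messg\n",
        "\n";

    print {$log_fh} $record;

    # Buffered write errors (disk full, quota) only surface at close.
    close $log_fh
        or warn "Could not close logfile `$logfile': $!\n";
}
else {
    warn "Could not open logfile for writing `$logfile': $!\n";
}

# --- Step 2: answer the request with the image ----------------------------
if (open my $img_fh, '<', $filename) {
    binmode $img_fh;
    binmode STDOUT;             # the body is binary; no newline translation

    # Size is taken from the open handle, so it describes the same file
    # that is about to be sent.
    my $bytes = (stat $img_fh)[7];

    print "Content-type: $filetype", "\n";
    print "Content-length: $bytes", "\n";
    print "Pragma: no-cache", "\n\n";

    # Stream the file contents; a bare `print;` would emit $_ and never
    # send the image.
    my $chunk;
    while (read $img_fh, $chunk, 8192) {
        print $chunk;
    }

    close $img_fh;
}
else {
    # A CGI response with a body needs a Content-type header.
    print "Status: 404 Not Found", "\n";
    print "Content-type: text/plain", "\n\n";
    print "The requested URL was not found on this server.", "\n";
}

exit;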