Blosxthis

blosxthis: blosxom blogging via email.

I really like the simplicity of blosxom. But sometimes I'm not able to easily create a file on the blog server. When borrowing a friend's Treo, I started thinking about blogging via Email or SMS messages. So here's the code for mailing in blog entries, deleting them, and a minimal ability to edit blosxom files.

news using blosxthis setup notes security license

news

Well, somebody else got the first published program for emailing to blosxome blog. Blosmail can be found here. Personally I like my paranoid bloated version better, but then I would.

I've also got a beta version of blosxthis that includes support for saving and linking jpeg attachments. That code lives here. It's an ugly perl hack, but should be safe.

Using blosxthis

In order to keep other people from emailing moby dick onto your blog, all actions require a password. If you want more security, read the note below on security

To send in a new blog entry, write a message with any subject and a message body like this:
blog-this: password
Anything you want as your Blog entry Subject Line
Body of Blog entry starts here and goes on for as many lines as you want.
To delete a blog entry, look at the blosxom web page and click on the # next to the blog entry you want to delete. At the far right hand of the url, there's going to be a #, followed by a name or some numbers. This is the name of the file you want to delete.
Then send a message that starts with this:
kill-this: password filename
Editing is kind of a hack. Really what you're doing is replacing the old message with a new message. Once again, you need to know the file name. Then send in mail like this:
edit-this: password filename
New Subject (that you cut & pasted from the current subject)
New Message body (that you cut & pasted & edited from current message body )

Setting up Blosxthis

The software is here.
To set up the software:

This only works if you are running a mail server such as sendmail, postfix or qmail on your web server. OS X heads who want to use the built in sendmail should look here.
Copy the blosxthis.pl file some place where it can be executed. ( your home directory or /usr/local/bin )
Make sure you have write permission to a blosxom blog directory.
You need to set up your mail delivery system so that mail to a specific mail account gets piped through blosxthis. How this works depends on your email software.
- If you're lucky enough to be using qmail, do the following:
  echo "|/path/to/blosxthis.pl password /path/to/blosxom-dir"> $HOME/.qmail-blog
  . Now you can send mail to yourname-blog@example.edu, and if the password is matched, the file will be dumped into the appropriate directory.
- For sendmail or postfix, you should use procmail. Unfortunately, I'm not a procmail guru. This should work, but if you have trouble or it sets your machine on fire, I'm not the person who will make it all better. Mail me any improvements you make.
  - echo "|exec /usr/bin/procmail || exit 75" > $HOME/.forward
  - create a .procmailrc file that looks like this:
```
:0 
* ^Subject:\ *blogthis  
|/path/to/blosxthis.pl password /path/to/blosxom-dir

:0:
*
$DEFAULT
```
  - Any mail you send to yourself with a subject of "blogthis" will now be sent to blosxthis.pl
- Make sure that nobody else can read or modify your .qmail or .procmail rc file. From a command prompt, try chmod 0600 .qmail-blog
- Start sending blog mail!

Random notes

If you are blogging via SMS, it makes sense to go with the high security passwords, since they're actually shorter to type.

High security mail blogging

We normally use a unencrypted password to prevent other people from posting mail to our blog. Most people won't worry about the fact that their mail gets stored on dozens of machines, sent over wireless networks and may be accidentally bounced to a mail administrator.

If you are one of the people who do worry, here's the high tech solution. Instead of mailing the password every time, we hash (encrypt) the password 20 times and print out a list of 4 digit hashes. Print out & carry this list or put it on your Palm pilot. The first time you want to send a blog entry, you use the 20th hash and scratch it off the list. The second time you use the 19th and so on. If you forget where you are on the list, jump down to a low number. You can always go to a lower number, but you can never reuse a number or jump back up to a higher number. And neither can an atacker, which is the whole point.

When you've used up your list of 20, just generate a new list of 20 or 200 or however many you want.

You can generate the list of hashes with the buildhash.pl program. This program also asks you for the name of your count file, which keeps track of how many hashes you've generated and how many you've used.

You also need to edit the line in your mail forwarding file to include the path to the count file.
|./blosxthis password /path/to/blogdir /path/to/countfile.

General Warnings, disclaimer & license

This script was written with security in mind. However, if it does fail, it will probably mean that hackers can put files on your web server. This is generally the start of a really bad day.

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.