PHP Mime Mail Parser & Sending Mail Server - php

This PHP Mime Mail Parser library is very useful:
https://github.com/php-mime-mail-parser/php-mime-mail-parser
Example request:
$arrayHeaderTo = $parser->getAddresses('to');
It lets you analyze the intended recipient, sender, subject, etc., of an email message in RFC822 standards format.
For those like me that are even more curious about an email message, such as which mailserver originated the message, I'd like to extend the library to have a dependable way to print this value, regardless of how it's found in the headers.
https://toolbox.googleapps.com/apps/messageheader/analyzeheader
Google provides a tool for analyzing message headers. I pasted an example here:
In this example, it would extract that complete server address ( ec2-54-245-11-255.us-west-2.compute.amazonaws.com ), and if possible, that server's IP, too. Assuming a good deal of these two values (mailserver, mailserverIP) are going to be spoofed, I would still like to see the values that are included in the header, dependably, regardless of how that header is structured, or wherein they appear.
So I guess this is a question for those who are very familiar with email headers, and a solid way to read them to extract this information.
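An added example (not code from php-mime-mail-parser or from the question) of one way to list the relay hops recorded in a message's Received: headers, whichever of the common layouts each line uses. The function names are hypothetical and the sample message is constructed. Each server prepends its own Received: line, so the last entry is the origin as claimed by the headers, and only lines written by servers you control can be relied on.

```php
<?php
// Added example: function names are hypothetical, the sample message is constructed.
/** Header block of a raw message with folded (continued) lines joined. */
function unfoldedHeaders(string $raw): string
{
    $head = explode("\n\n", str_replace("\r\n", "\n", $raw), 2)[0];
    return preg_replace('/\n[ \t]+/', ' ', $head);
}

/** One entry per Received: field, in header order (most recent hop first). */
function receivedHops(string $raw): array
{
    $hops = [];
    foreach (explode("\n", unfoldedHeaders($raw)) as $line) {
        if (stripos($line, 'Received:') !== 0) {
            continue;
        }
        $value = trim(substr($line, strlen('Received:')));
        // The "from" clause ends at the "by" clause, or at the ";" before the date.
        $from = preg_match('/^from\s+(.*?)(?:\s+by\s|;|$)/i', $value, $m) ? $m[1] : '';
        $hop = ['helo' => null, 'rdns' => null, 'ip' => null, 'by' => null];
        if (preg_match('/\bhelo=([^\s)]+)/i', $from, $m)) {
            $hop['helo'] = $m[1];                     // Exim style: (helo=name)
        } elseif (preg_match('/^([^\s\[(]\S*)/', $from, $m)) {
            $hop['helo'] = $m[1];                     // name the client announced
        }
        if (preg_match('/\(([a-z0-9._-]+)\s*\[/i', $from, $m)) {
            $hop['rdns'] = rtrim($m[1], '.');         // name the receiving server resolved
        }
        if (preg_match('/\[(?:IPv6:)?([0-9a-f:.]+)\]/i', $from, $m)
            && filter_var($m[1], FILTER_VALIDATE_IP)) {
            $hop['ip'] = $m[1];                       // address the receiving server saw
        }
        if (preg_match('/(?:^|\s)by\s+(\S+)/i', $value, $m)) {
            $hop['by'] = $m[1];                       // server that wrote this line
        }
        $hops[] = $hop;
    }
    return $hops;
}

$sample = "Received: from mail.example.org (mail.example.org [192.0.2.10])\r\n"
    . "\tby mx.example.net (Postfix) with ESMTPS id 4ABCD;\r\n"
    . "\tMon, 1 Jan 2024 10:00:00 +0000\r\n"
    . "Received: from [198.51.100.7] (helo=laptop)\r\n"
    . "\tby mail.example.org with esmtpa; Mon, 1 Jan 2024 09:59:58 +0000\r\n"
    . "Subject: test\r\n\r\nbody\r\n";
$hops = receivedHops($sample);
print_r(end($hops));   // oldest hop: the origin as claimed by the headers
```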

Related

MIME Multipart Parser

The company I work for provides bulk-mailing functionality to our clients [double opt-in, not spam, I promise] and we get a figurative ton of reports back via Feedback Loops from AOL, Comcast, Yahoo, etc. These are generally from people that signed up, don't want it anymore, have been conditioned to not click 'Unsubscribe' links, [because "that's how the spammers get you"] and simply mark all the messages as spam.
Now, these FBL emails follow a specific format where the message is multipart, there are one or two text parts, and then the original message is attached, usually with all recipient information stripped out. This attached email is also multipart and contains the unsubscribe link, but the section in the attached email the link occurs in is quoted-printable encoded and the link is longer than what quoted-printable allows for in a line, so it gets munged. Occasionally the section seems to get base64-encoded, I think it happens if the client is using a fancy language like Chinese/Japanese/etc.
What I need is a mime/multipart data parser that can give me these parts. PHP has oh so helpfully not implemented any form of multipart parser that I can find outside of what's internal to either their horrid IMAP functions, or internal to PHP itself which processes multipart form data.
Does anyone know of something I can use for this short of having to write my own? I had found one script, but it relies on old PECL functionality that relies on a custom-compilation of PHP which is not an option for this server.
TL;DR: PHP's imap_* functions will parse the parts of the message received from the server, but I need to parse the parts of an email attached to the email downloaded from the server.
This guy's script is ugly as sin, but it gets the job done:
http://www.phpclasses.org/package/3169-PHP-Decode-MIME-e-mail-messages.html
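An added example, not taken from the script linked above: a small recursive walker that returns the decoded leaf parts of a message, descending into an attached message/rfc822 part and undoing quoted-printable or base64 transfer encoding, so a link split by a soft line break comes back whole. The function names are hypothetical and the sample feedback report is constructed; it covers the common layout only.

```php
<?php
// Added example: function names are hypothetical, the sample report is constructed.
/** Split a MIME entity into [headers keyed by lower-case name, body]. */
function splitEntity(string $raw): array
{
    $raw = str_replace("\r\n", "\n", $raw);
    [$head, $body] = ($raw !== '' && $raw[0] === "\n")
        ? ['', substr($raw, 1)]                       // entity with no headers
        : array_pad(explode("\n\n", $raw, 2), 2, '');
    $headers = [];
    foreach (explode("\n", preg_replace('/\n[ \t]+/', ' ', $head)) as $line) {
        if (strpos($line, ':') === false) continue;
        [$name, $value] = explode(':', $line, 2);
        $headers[strtolower(trim($name))] = trim($value);
    }
    return [$headers, $body];
}

/** Recursively collect decoded leaf parts as [content type, body] pairs. */
function leafParts(string $raw, int $depth = 0): array
{
    if ($depth > 10) return [];                       // bound nesting in untrusted mail
    [$h, $body] = splitEntity($raw);
    $ctype = $h['content-type'] ?? 'text/plain';
    $type = strtolower(trim(explode(';', $ctype)[0]));
    if ($type === 'message/rfc822') return leafParts($body, $depth + 1); // attached email
    if (strpos($type, 'multipart/') === 0 && preg_match('/boundary="?([^";]+)/i', $ctype, $m)) {
        $parts = [];
        $chunks = preg_split('/^--' . preg_quote(trim($m[1]), '/') . '/m', $body);
        foreach (array_slice($chunks, 1) as $chunk) {
            if (strpos($chunk, '--') === 0) break;    // closing "--boundary--"
            $entity = preg_replace('/^[ \t]*\n/', '', $chunk, 1); // drop rest of delimiter line
            $parts = array_merge($parts, leafParts($entity, $depth + 1));
        }
        return $parts;
    }
    $enc = strtolower($h['content-transfer-encoding'] ?? '7bit');
    if ($enc === 'quoted-printable') $body = quoted_printable_decode($body); // rejoins soft breaks
    elseif ($enc === 'base64') $body = (string) base64_decode($body);
    return [[$type, $body]];
}

$sample = implode("\r\n", [
    'Content-Type: multipart/report; boundary="outer"', '', '--outer', 'Content-Type: text/plain', '',
    'This is an abuse report.', '--outer', 'Content-Type: message/rfc822', '', 'Subject: Newsletter',
    'Content-Type: multipart/alternative; boundary=inner', '', '--inner', 'Content-Type: text/html',
    'Content-Transfer-Encoding: quoted-printable', '', '<a href=3D"https://lists.example.com/u?id=3D12345&list=3Dnews=',
    'letter">Unsubscribe</a>', '--inner--', '--outer--', '',
]);
foreach (leafParts($sample) as [$type, $text]) {
    if (preg_match('~https?://[^\s"<>]+~', $text, $m)) echo "$type: $m[0]\n";
}
```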

Sending a MIME email prepared beforehand (in PHP or Python)

Is it possible to send a MIME message as it is, without adding any headers? For example, if I have a correct MIME message with all headers and content saved to a text file, is it possible to use the contents of this file without modification and send it via SMTP?
Apparently both Python's SMTP.sendmail and PHP smtp::mail require at least "To:" and "From:", and passing the complete message to these functions doesn't seem to work.
It appears from the documentation that Python's SMTP.sendmail should take a sender, a set of recipients, and a verbatim MIME message like the one you have. (The split here between the sender/recipients and the message itself is because you're talking SMTP. The SMTP envelope determines the actual recipients and is actually independent of the message payload.) So you should be good to go with SMTP.sendmail.
You could read up to the first blank line, use those as additional headers, then send the rest in the body.

Does the message part of the PHP mail() function need to be escaped?

I'm creating a feedback webpage. I want to just take a textarea of user input and ship it off to myself with the mail function. Is it safe to do the following:
mail("me@blah.com", "Feedback!", $_POST['feedback'], "From: myself@blah.com");
/* (to) (subject) (message) (headers) */
Or do I need to somehow escape or sanitize $_POST['feedback']?
Yes, you should sanitize it as a general practice, but there's not too much that can go wrong here, just make sure that in the headers you specify:
Content-Type: text/plain
Then no user can send anything "malicious" for you to click on, perform some sort of tracking, etc. (EDIT: without you knowing what it is, of course; what I mean is, no misleading links, 1x1 transparent GIFs or the like)
As stilstanding said - you still need to sanitize any user-supplied data.
I would also recommend using a script like PHPMailer to create and send email messages. This will take care of formatting the message securely and makes tasks like sending multipart html/text messages much easier:
http://sourceforge.net/projects/phpmailer/
Depends on who is receiving the message. E.g. if it's GMail, they have their fair arsenal of escaping anything there, and anyone will have a really hard time injecting anything into it. But say, if someone is going to look at the message from some webmail, and if that webmail is of an outdated version, someone with a bad intention might be able to do something bad.
If you are not going to check for <script> tags and such, you have to do no escaping. But you'd better encode your email in quoted-printable, for deliverability rather than security, a task which is best done by a good mail class/function like Zend_Mail. And you can use it stand-alone (i.e. without the other library components).
"Sanitize" is a kind of vague term. There are different types of encoding for different purposes.
If you're sending plain-text messages, I don't think you need to worry about encoding them. PHP's mail function should take care of any encoding needed.
If you're sending HTML messages, then you do need to HTML-encode all HTML attributes and content, regardless of whether the values come from the user or not.
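An added example, not code from any of the answers above: one way to prepare the feedback text for mail() with fixed headers and an explicit text/plain content type. It goes one step beyond the question by also accepting an optional reply address, to show the check that any user-supplied value needs before it is placed in a header. The function name, the example.com addresses and the size limit are assumptions.

```php
<?php
// Added example: the function name, addresses and size limit are assumptions.

/**
 * Turn untrusted form input into arguments for mail().
 * Returns [to, subject, body, headers], or null when the input is rejected.
 */
function buildFeedbackMail(string $feedback, ?string $replyTo = null): ?array
{
    // Body: normalise line endings, drop control characters other than
    // newline and tab, cap the size, wrap at 70 columns, send with CRLF.
    $body = str_replace(["\r\n", "\r"], "\n", $feedback);
    $body = preg_replace('/[^\P{Cc}\n\t]/u', '', $body);   // null on invalid UTF-8
    if ($body === null || trim($body) === '' || strlen($body) > 20000) {
        return null;
    }
    $body = str_replace("\n", "\r\n", wordwrap($body, 70, "\n"));

    // Headers are fixed strings; the body is declared as plain text.
    $headers = [
        'From: myself@example.com',
        'MIME-Version: 1.0',
        'Content-Type: text/plain; charset=UTF-8',
        'Content-Transfer-Encoding: 8bit',
    ];
    // A user value that reaches a header must be one valid address with no line breaks.
    if ($replyTo !== null && $replyTo !== '') {
        if (preg_match('/[\r\n]/', $replyTo) || !filter_var($replyTo, FILTER_VALIDATE_EMAIL)) {
            return null;
        }
        $headers[] = 'Reply-To: ' . $replyTo;
    }
    return ['me@example.com', 'Feedback!', $body, implode("\r\n", $headers)];
}

// Constructed inputs: the first is accepted, the second is rejected
// because the reply address contains a line break.
var_dump(buildFeedbackMail("Nice site\x00!\n<b>hi</b>", 'visitor@example.com') !== null);
var_dump(buildFeedbackMail('Hello', "visitor@example.com\r\nX-Extra: 1"));

// In the form handler:
// $args = buildFeedbackMail($_POST['feedback'] ?? '', $_POST['email'] ?? null);
// if ($args !== null) { mail(...$args); }
```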

PHP extracting body and attachments from piped email

I understand there are PHP IMAP functions to extract certain elements from an email stored in a mailbox. What I am trying to discover is whether this can translate to emails piped to a script.
The scripts that I have looked at for extracting the body and attachments are fairly inflexible and bulky. I sent my pipe script a variety of different email formats and it saved them in vastly different ways which makes me wary of starting to write a script myself.
Also, some of the emails sent from my work address attach a signature. Does anyone have any ideas how to combat this? I have a bunch of rather daft people who won't even understand the term 'don't add a signature when sending this email', or 'send in plain text only'.
AFAIK, the format for storing messages is not defined by any RFC; however, deliver, procmail and .forward all rely on the headers being separated from the body by a blank line.

Manipulating the content of an email message

I am looking for a solution that will enable me to connect to a mailbox, obtain an email, apply specific modifications to the email body (for example, change the content), and then forward the newly modified email to a new email address.
The trick is that such modification must not destroy the format and headers of the original email and I must not lose any attachments that were in the original email.
The sort of manipulation that will be performed will need to be done by an external process that knows the logic of my application.
The solution I am looking for can be an external software that can invoke some API for processing the content of the emails, or even API by itself that my code will invoke.
Our solution is currently based on PHP, but any other solution is also acceptable.
I started working with the Zend Mail library but I am running into problems having to understand the inner workings of email formats. I wouldn't want to start messing around with the mime objects in the email format. I only want to alter the textual content of the message and keep the rest untouched.
http://php.net/manual/en/book.imap.php - functions that let you manipulate email systems.
What mail server are you using? In qmail it's easy to process any incoming email. You can put any script in any language to process the lines of the email.
If you have IMAP access to your server you can use the php IMAP lib. http://www.php.net/manual/en/book.imap.php
I wrote a library as part of a larger open source app that may help you a bit. It's an object-oriented wrapper around the PHP imap functions and can be found at Google Code.
Unfortunately this doesn't do exactly what you want. What in the message are you trying to change? It may be possible to just grab a raw version and specifically search out what you want to change, ignoring the whole mimetype processing altogether, and then just send the whole message along again.
Resending the email is simple enough, and this (small tutorial)* on sending email with attachments can refresh you on the basics (although most of what is in there you can skip as the attachments and mimetypes will already be built).
* I can't post the link because my reputation isn't high enough for two links in a single post, so I'll add it in a comment.
