PHPMailer -- "Less secure" SMTP or PHP's mail() function? - php

I have a "lesser of two evils" quandary. The site I'm working on doesn't have SSL. So, I'm getting the SMTP issues described here: https://github.com/PHPMailer/PHPMailer/wiki/Troubleshooting#php-56-certificate-verification-failure
So, the options seem to be...
1) Using the php mail() function via PHPMailer by NOT using the built-in $mail->isSMTP(); part of PHPMailer.
2) Going with the "less secure way" of sending SMTP mail as described in the link above.
Can someone who knows about this sort of thing weigh in with pros/cons of either route? Thanks.

Those two are not the only options. Figure out why the certificate is failing to verify using the tests shown in the guide.
PHPMailer will use encryption if either a) you ask it to, or b) if your server says it supports it, in which case it's enabled automatically.
If your server is presenting a self-signed or expired cert, it will fail to verify - you can either get a real cert, tell your mail server to stop advertising encryption if it's not configured, or tell PHPMailer not to use encryption at all by setting SMTPSecure = false and SMTPAutoTLS = false.
Not using isSMTP isn't any more secure - all that happens is the same connection happens from your local mail server, where it may (depending on your mail server's settings) face exactly the same issue.
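The causes the answer names (a self-signed or expired certificate) can be checked directly once you have the server's certificate as PEM text. This is an added example, not code from the answer or from PHPMailer; the host names are placeholders, the sample certificate is generated inline, and the host-name check goes one step beyond the two causes named above.

```php
<?php
// Added example (not PHPMailer code): list the reasons a server certificate
// would fail verification for a given host name at a given time.
function certProblems(string $pem, string $host, int $now): array
{
    $info = openssl_x509_parse($pem);
    if ($info === false) {
        return ['unparseable certificate'];
    }
    $problems = [];
    if ($now < $info['validFrom_time_t']) {
        $problems[] = 'not yet valid';
    }
    if ($now > $info['validTo_time_t']) {
        $problems[] = 'expired';
    }
    // A server certificate whose issuer equals its subject has no CA behind it.
    if ($info['issuer'] == $info['subject']) {
        $problems[] = 'self-signed';
    }
    // Names covered: subjectAltName DNS entries, falling back to the CN.
    preg_match_all('/DNS:([^,\s]+)/', $info['extensions']['subjectAltName'] ?? '', $m);
    $names = $m[1] ?: [$info['subject']['CN'] ?? ''];
    $host = strtolower($host);
    $matched = false;
    foreach ($names as $name) {
        $name = strtolower($name);
        // "*.example.test" covers exactly one extra left-hand label.
        $wild = strncmp($name, '*.', 2) === 0
            && strpos($host, '.') !== false
            && substr($name, 1) === substr($host, strpos($host, '.'));
        $matched = $matched || $name === $host || $wild;
    }
    if (!$matched) {
        $problems[] = 'host name mismatch';
    }
    return $problems;
}

// Constructed sample: a self-signed certificate for a placeholder host, valid 30 days.
$key = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
$csr = openssl_csr_new(['commonName' => 'mail.example.test'], $key, ['digest_alg' => 'sha256']);
openssl_x509_export(openssl_csr_sign($csr, null, $key, 30, ['digest_alg' => 'sha256']), $pem);

// Checked today for the right name, then 60 days ahead for a different name.
echo implode(', ', certProblems($pem, 'mail.example.test', time())), "\n";
echo implode(', ', certProblems($pem, 'smtp.example.test', time() + 60 * 86400)), "\n";
```

It needs PHP's openssl extension. An empty result means none of these three causes applies, not that the chain is trusted.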

Related

What is the difference between isMail and isSMTP

I'm using PHPMailer and having a hard time getting isSMTP on bluehost to work. I have been able to get isMail to work and am wondering what the difference is in sending mail. Also, it seems that I'm getting a HELO or authentication error when trying to use isSMTP but bluehost says my settings are correct. I'm using SSL and port 465.
isMail and isSMTP are convenience methods to set the value of PHPMailer's Mailer property. This property determines how PHPMailer goes about sending a message after it has built it. With isMail, it's sent using PHP's mail function. With isSMTP, it uses PHPMailer's accompanying SMTP class to act as an SMTP client, talking to a mail server directly.
Using the mail function requires that you have a mail server installed and running on your local machine - which, historically at least, has not been the case with Windows in particular. Generally using the mail function is fairly fast because it does not need to talk to a remote host, however, it's quite inefficient given that it actually acts as a front to the system's own sendmail binary, which simply opens a synchronous SMTP connection to localhost. You'll also get much less feedback - the mail function returns boolean value, so if it doesn't work it's hard to tell why it failed, and you will probably need to look in your mail server's logs to find out.
You can use the SMTP route to send to either local or remote mail servers, and typically SMTP to localhost is the fastest way to send. Because PHPMailer uses its own SMTP client to do this, it means it can see the whole SMTP conversation, and thus gets much better feedback when things don't work - you can set SMTPDebug = 2 and see the whole conversation.
There are various things that can go wrong, and the best place to track down the root cause is to read the PHPMailer troubleshooting guide.

Mail an exchange server SMTP server response: 550-Verification failed

How do I send an email to my exchange server? When I set the php.ini file with send_from="x#domain.com" it says 550 verification failed. How do I verify myself?
I am using SMTP: mail.domain.com
It's probably a good idea to use a class like phpmailer http://sourceforge.net/projects/phpmailer/ to do this.
That way if you have multiple projects that need to send via a different account or different servers then you won't have any problems.
The error you're getting is because your exchange server requires authentication and your script isn't using authentication or it's using the wrong information. I've never really relied on the built-in php sendmail functions so I can't be 100% sure but I don't think it supports authentication. (I might be wrong on that point, but I still recommend a class that you can configure per script over a globally configured mail account)

php mail() function not working

I'm getting a 'could not instantiate mail function' error from PHPMailer. From reading around, I understand this to mean that the PHP mail() function isn't working for some reason.
The results of phpinfo() for the mail settings are:
To me, this means that mail() should work and that port 25 is open. Is that right?
Is there anything else I can check to make this work please? I had a look at the docs for the mail() function, but I couldn't see what exceptions it threw and how I'd print them out to screen. I did a:
mail('name#email.com', "test", "test") or die("Doesn't work");
type test, but that's my error message and I could do with something a bit more helpful.
Grateful for any help on this.
Many thanks
It doesn't mean port 25 is open, it just means that PHP should use port 25 for contacting the SMTP server. You don't state what OS you're on, but note that sendmail would be a unix-only thing, and will fail if you're on Windows.
That list merely shows you your current settings. That doesn't mean that they are right. :)
Your localhost is probably not configured to be a mail server. Set the smtp server to a real server that can be reached from your PHP server.
I am probably way off, but check to see if sendmail is installed, maybe it is malfunctioning. This depends on your OS.
The settings from phpinfo() show that PHP is set up to use SMTP but it does not mean that you have an SMTP server set up on the machine. Your error message suggests that one is not set up.
Good luck
My answer would be - don't send emails by calling Sendmail. The sendmail method (or ANY local method) is a mess of pitfalls... and even if you get past those issues, the bottom line is many spam filters (at the places you send mail TO) simply do not like this type of mail.
To provide just a little detail why the sendmail approach is bad, your sendmail daemon is unlikely to be configured to have an SMTP HELO which matches the reverse DNS of your IP address. Your webserver is unlikely to have valid reverse DNS matching a standard hostname. NO reverse DNS at all is bad, as is rdns like 123-123-123-123-static.someisp.com. SpamAssassin will flag such "unconfigured or default reverse DNS" hosts for example.
Fortunately you don't need to understand or fix everything I just said. The much simpler to accomplish (and easier to test/debug) is to GATEWAY your emails through a working SMTP mailserver. To do this:
1a) Install PHPMailer http://phpmailer.worxware.com/ ... OR
1b) Install the PEAR Mail() library http://pear.php.net/package/Mail
Either 1a or 1b will replace the limited "mail()" function in PHP. These replacements support both SMTP, and Authenticated SMTP.
2) I suggest using Authenticated SMTP over plain SMTP. Either works, but with authenticated SMTP you can literally send mail through another mail server just as IF your script were a local email client like Outlook. This has major benefits. For example, if you are a company sending mail, your mail is more likely to be trusted by remote/target mailservers, since your mailserver has a good reputation and (hopefully) proper reverse DNS setup. But if you originate the email off a webserver, you have none of that (and if you use shared webhosting, you will inherit the email reputation of whatever other sites run on your webserver IP.).

Sending mail via fsockopen?

I know this is possible, but can I do without a remote SMTP server or the like? Basically I want to send mail with PHP, but without mail()
I'm unsure what you exactly mean with 'without a remote SMTP server', as in any mail delivery at least one of those has to be involved - the one receiving mail on account of the recipient...
What you can probably do (it's up to you to decide if it's worth the effort) is to use PHP's socket functions to open a connection on port 25 with a remote mail server. Google 'SMTP telnet' for some examples of what an SMTP session looks like (quite simple, to be true) and then google for 'SMTP codes' for more explanations of what the remote server is telling you.
Possible, but not entirely trivial considering the fact that you should be familiar with SMTP, POP3 and/or IMAP to actually exchange data with a mail server.
You need to code your app so it mimics the behavior of an MTA, that is if you're going to do what the mail() function does - and using sockets. If you're on Linux, another option is to make an OS call to sendmail.
To not use mail() look into PHPMailer
I use this library for all my e-mailing code. I've extended it to have a debug mode so I can intercept outgoing e-mails while testing code.
I could be wrong but you will always be using an SMTP server even if that server is just the webserver with sendmail on it. If you were running your PHP on windows you'd need to enable IIS's in built SMTP service.

is there something wrong with using php's native mail function?

I tried googling but sadly I get only documentation (or am I using bad keywords)
Anyway,
I can see that a lot of programmers (even those I'm working with right now) do not seem to approve of using the PHP native mail function and resort to using some other framework like sendmail? swift mailer etc...
I'd like to know why. Are there really disadvantages to using the native mail function?
If so, how do the mailing frameworks solve that, or how are they better?
There's nothing wrong with it for sending simple plain text emails.
However, once you get into multipart mime emails (say, you want an HTML version or to add an attachment) then you have to build the email yourself, and it can be quite tricky to get all the headers and encoding correct. In this case you're better off using a library.
The PHP manual for function mail mentions that there are some restrictions with the mail function and one of these is that the function opens and closes an SMTP socket for each email. The mail function works well when you just want to send a mail or two.
As far as I'm concerned, all of these problems pale in comparison to the major security problem:
Mail header injection: ( http://en.wikipedia.org/wiki/E-mail_injection , and php specific info: http://www.damonkohler.com/2008/12/email-injection.html )
Whereby a spammer bot spiders your site and, finding a vulnerability in your script that is easy to still have when using the very insecure mail() function, IS ABLE TO SEND EMAIL FROM YOUR SERVER TO AN ARBITRARY LIST OF CONTACTS, essentially turning your script & server into a cog in their spam email machine.
I recommend never using mail() with user input, and in general, just making use of PEAR::mail instead. http://pear.php.net/package/Mail/
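The header injection problem described in the answer above comes down to a line break in a user-supplied value. This is an added example, not code from the answer or from any library: it shows the concatenation pattern beside a checked version, with hypothetical function names and constructed placeholder addresses, and it sends nothing.

```php
<?php
// Added example: how a CR/LF in user input becomes an extra mail header,
// and a check that stops it. The header strings are only inspected.

// Vulnerable pattern: form input concatenated straight into mail()'s header string.
function naiveHeaders(string $userEmail): string
{
    return "From: " . $userEmail . "\r\nX-Mailer: contact-form";
}

// Hardened: refuse line breaks, accept only one syntactically valid address,
// and keep From fixed so the visitor's value only ever lands in Reply-To.
function safeHeaders(string $userEmail): string
{
    if (preg_match('/[\r\n]/', $userEmail)) {
        throw new InvalidArgumentException('line break in header value');
    }
    $address = filter_var($userEmail, FILTER_VALIDATE_EMAIL);
    if ($address === false) {
        throw new InvalidArgumentException('not a valid e-mail address');
    }
    return "From: noreply@example.test\r\nReply-To: " . $address;
}

// List the header names a header string would produce, one per line of input.
function headerNames(string $headers): array
{
    $names = [];
    foreach (preg_split('/\r\n|\r|\n/', $headers) as $line) {
        $names[] = strtok($line, ':');
    }
    return $names;
}

// Constructed form values (placeholder addresses).
$honest  = 'visitor@example.test';
$crafted = "visitor@example.test\r\nBcc: someone-else@example.test";

echo implode(', ', headerNames(naiveHeaders($honest))), "\n";
echo implode(', ', headerNames(naiveHeaders($crafted))), "\n";
echo implode(', ', headerNames(safeHeaders($honest))), "\n";
try {
    safeHeaders($crafted);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

The same line-break check belongs on every user-supplied value that ends up in a header, the subject included.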
Using PHP's mail() function requires a properly configured sendmail or equivalent on the host the program is running. However, the Windows implementation is a bit different. If you don't have your MTA configured properly, you won't be able to successfully send emails from your PHP scripts. Like another commenter said on this thread, PHP manual explicitly states that each call to the mail() function opens and closes a socket. This can cause unnecessary delay in script execution.
Additionally, your development and testing environment may not have a public static IP address. Your IP address might be blacklisted by DNSBL, Gmail, Yahoo! and other popular email service providers.
Your best bet in this situation is to use a properly configured external SMTP server. Chances are your employer has already provided an email account with SMTP access. If you don't have one you can use a Gmail account. Gmail provides SMTP access to all email accounts.
You can write scripts to open a socket connection to the external SMTP server. When there are tried and tested open source libraries for this purpose, why write your own?
Incidentally, I wrote a blog post on the very same subject yesterday: Using SMTP With Zend Framework - Solve Email Delivery Problem
Best regards,
