i'm using this google class and code https://code.google.com/p/php-smtp-email-validation/ to check an array of emails and get which is real and which isn't.
But im getting an error:
unable to connect to example.com:25 (Connection timed out)
Error: Could not connect to a valid mail server for this email address: #example.com
I didn't find anything like that and i already have disabled firewall and etc...
Well still not working:
Array
(
[mx4.hotmail.com] => 5
[mx3.hotmail.com] => 5
[mx2.hotmail.com] => 5
[mx1.hotmail.com] => 5
[hotmail.com] => 0
)
try mx4.hotmail.com:25
<<<
220 BAY004-MC6F11.hotmail.com Sending unsolicited commercial or bulk e-mail to Microsoft's computer network is prohibited. Other restrictions are found at http://privacy.microsoft.com/en-us/anti-spam.mspx. Wed, 24 Sep 2014 10:15:49 -0700
>>>
HELO yourdomain.com
<<<
250 BAY004-MC6F11.hotmail.com (3.20.0.138) Hello [177.2.47.23]
>>>
MAIL FROM: <user#yourdomain.com>
<<<
250 user#yourdomain.com....Sender OK
>>>
RCPT TO: <thiago.sabin#hotmail.com>
<<<
250 thiago.sabin#hotmail.com
>>>
RSET
<<<
554 Transaction failed
>>>
quit
<<<
As i can see the sender is okay and im trying to check my personal email thiago.sabin#hotmail.com and that's the answer...
This code is actually really simple but i can't make that "transaction" to work
The example code works as intended, as user#example.com, though it has a valid format, isn't a valid email address because example.com doesn't host a mail server. Google's example code contacts the receiving mail server to see if the given address exists on it. Try replacing user#example.com with another email address, like your own, and running the code again.
Edit: There are many posts which say that using smtp verification is a bad idea. It seems to 1) not work on many smtp servers and 2) make it look like you're a spammer. I would advise just sticking to verifying that the email address is the proper format, and forgo the use of SMTP verification.
Related
If a user supplies an email, let's say something like hello.world#example.com, is there a public database where I can programmatically lookup the connection information for their Mail server (my service would let the user supply an email which then would allow my software to send automated emails from it.)
How can I find out if their server is pop3, Imap or smtp programatically. What about the port and security protocol (tls or ssl)?
How can I find out if the mail server is a different domain then the email's suffix. (I.e. the user is using shared hosting.)
Are there only paid options for this service?
Note: it is preferred that the solution be in PHP, or even better, a http REST service.
Yes, you can do this. At least for SMTP. And... you can send an email as a specific user easily....
Explanation of how a client sends an email
When an email client goes to send an email to does the following steps:
It extracts the domain portion portion of the email, e.g., "gmail.com" given "bob#gmail.com"
It checks to see if there is a DNS record published called an Mail Exchange or MX record. An MX record contains the following information:
Time To Live, i.e., how long the record is valid for
Weight, i.e., what order the client should attempt connections. Lowest to highest
The server A record, or IP address.
You can use the dig or nslookup command to query for MX records published for a domain.
Examples:
root#dib:~# nslookup -querytype=mx gmail.com
Server: 172.31.0.2
Address: 172.31.0.2#53
Non-authoritative answer:
gmail.com mail exchanger = 10 alt1.gmail-smtp-in.l.google.com.
gmail.com mail exchanger = 20 alt2.gmail-smtp-in.l.google.com.
gmail.com mail exchanger = 30 alt3.gmail-smtp-in.l.google.com.
gmail.com mail exchanger = 40 alt4.gmail-smtp-in.l.google.com.
gmail.com mail exchanger = 5 gmail-smtp-in.l.google.com.
Authoritative answers can be found from:
root#dib:~# dig +short MX gmail.com
40 alt4.gmail-smtp-in.l.google.com.
5 gmail-smtp-in.l.google.com.
10 alt1.gmail-smtp-in.l.google.com.
20 alt2.gmail-smtp-in.l.google.com.
30 alt3.gmail-smtp-in.l.google.com.
If there is an MX record, the client attempts to make a port 25 connection to the server listed. In this example we are going to use gmail-smtp-in.l.google.com. A quick test is to check to see if a banner is displayed when you connect.
Example using telnet:
root#dib:~# telnet gmail-smtp-in.l.google.com 25
Trying 74.125.197.27...
Connected to gmail-smtp-in.l.google.com.
Escape character is '^]'.
220 mx.google.com ESMTP m8-v6si7680016plt.29 - gsmtp
quit
221 2.0.0 closing connection m8-v6si7680016plt.29 - gsmtp
Connection closed by foreign host.
The banner is the 220 mx.google.com ESMTP b8-v6si8705269pls.261 - gsmtp part.
Most email clients use opportunistic TLS, i.e., if the server offers TLS it will use it, if not it doesn't. To determine if the server is offering TLS we need to issue an EHLO command. This is the extended SMTP Hello. What we are looking for is a STARTTLS command being offered.
Example:
root#dib:~# telnet gmail-smtp-in.l.google.com 25
Trying 74.125.197.27...
Connected to gmail-smtp-in.l.google.com.
Escape character is '^]'.
220 mx.google.com ESMTP s83-v6si8350062pfg.175 - gsmtp
ehlo stackoverflow.com
250-mx.google.com at your service, [123.123.123.123]
250-SIZE 157286400
250-8BITMIME
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-CHUNKING
250 SMTPUTF8
quit
221 2.0.0 closing connection s83-v6si8350062pfg.175 - gsmtp
Connection closed by foreign host.
We can see that the SMTP servers for the domain gmail.com are indeed offering TLS.
I am not going to explain the rest of the SMTP conversation but you can Google it... :)
Solution for answering these things with PHP
"is there a public database where I can programmatically lookup the connection information for their Mail server"
Yes, the database is the Domain Name System. There are many ways to do it; however, PHP has a nifty builtin function for this. It is getmxrr().
Example:
root#dib:~# cat mxrecord.php
<?php
$email_addr = "bob#gmail.com";
list($local, $domain) = explode('#', $email_addr);
getmxrr($domain, $mxrecords); // http://php.net/manual/en/function.getmxrr.php
var_dump($mxrecords);
?>
root#dib:~# php mxrecord.php
array(5) {
[0]=>
string(26) "gmail-smtp-in.l.google.com"
[1]=>
string(31) "alt1.gmail-smtp-in.l.google.com"
[2]=>
string(31) "alt2.gmail-smtp-in.l.google.com"
[3]=>
string(31) "alt3.gmail-smtp-in.l.google.com"
[4]=>
string(31) "alt4.gmail-smtp-in.l.google.com"
}
You can loop through the results and answer you question "How can I find out if the mail server is a different domain then the email's suffix".
"What about the port and security protocol?" The port is always 25. That is why we have protocol definitions. The security protocol is a little trickier...
Basically, if you want to know things like; protocol, cipher, Certificate Authority, etc... you need to use the OpenSSL library... or just parse the open for openssl s_client ... This would make this a really long answer if I covered the TLS bit here too... but ... run this in a shell and check out the output:
openssl s_client -connect gmail-smtp-in.l.google.com:25 -starttls smtp
This basically just handles the TLS handshake with the server and spits out all the information you want. PHP has OpenSSL libs so you can likely use those from within PHP ...
Sending an email as another user
Basically, unless an email server implements SPF of something of the like, you can "spoof" the sender, i.e., put whatever you want in the mail from command. This is an extremely common practice, however, some email servers will block spoofs. There are things you can do to make your emails more likely to be received.
This isn't possible programatically. I am not aware of any well-maintained APIs that provide this service but you could generate your own using by pre-populating a database table with the major email provider (gmail, hotmail etc.) settings. There is a list e.g. here: https://domar.com/smtp_pop3_server
If your user has a different provider you could try some educated guesses, e.g. smtp.domain.com, mail.domain.com or you could use the PHP function getmxrr and try connecting to the MX server, as some smaller providers will use the same server for MX and SMTP (this is not a guarantee though, hence trying the others first).
When I say "try" I mean using PHP sockets to connect to e.g. port 25 (for SMTP) on the domain under examination and checking if you get a valid response.
Your final fallback would be asking users to provide the details themselves.
false, those answers are for incoming smtp server, for outcoming smtp server you need to check on mail provider settings *may be is your same hosting provider or a 3th party mail provider
I've downloadet this verify e-mail class:
http://www.phpclasses.org/browse/package/6650/download/zip.html
and it mostly works well. if I'm trying to test a : #gmx/#live-mail, it allways say: this email doesn't exist. But I know that they're existing ( cause these are my emails ). I don't really now why? the information I'm getting if I'm searching for #gmx/#live are:
#live:
220 BLU004-MC1F11.hotmail.com Sending unsolicited commercial or bulk e-mail to Microsoft's computer network is prohibited. Other restrictions are found at http://privacy.microsoft.com/en-us/anti-spam.mspx. Thu, 21 Apr 2016 02:21:42 -0700
Connection success mx1.hotmail.com
HELO bla.is
250 BLU004-MC1F11.hotmail.com (3.21.0.236) Hello [217.13.193.253]
MAIL FROM: <blabla#bla.is>
250 blabla#bla.is....Sender OK
RCPT TO: <unicorncookie#live.de>
550 Requested action not taken: mailbox unavailable
RSET
QUIT
email <unicorncookie#live.de> does not exist!
#gmx:
220 gmx.net (mxgmx008) Nemesis ESMTP Service ready
Connection success mx00.emig.gmx.net
HELO bla.is
250 gmx.net Hello bla.is [217.13.193.253]
MAIL FROM: <blabla#bla.is>
250 Requested mail action okay, completed
RCPT TO: <unicorncookie#gmx.net>
550 Requested action not taken: mailbox unavailable
RSET
QUIT
email <unicorncookie#gmx.net> does not exist!
Does anyone have an idea why this class cant reach there mailbox? is it maybe because I'm using the port 25? I've never did something like that, so I'm really confused
thanks for any help :)
I'm having trouble sending e-mail on my PHP/Apache docker container via sendmail. I'm wondering if someone has a simple, straight forward solution. I am not a systems/server expert by any far stretch and my smtp/sendmail expertise is equally underwhelming. Thanks in advance for the help.
Below is the error I'm recieiving:
sendmail: 553 5.1.8 <apache#a0aca7313106>... Domain of sender address apache#a0aca7313106 does not exist
Clearly apache is my user, and that stuff to the right is my docker container ID. There is a "From:" header value within the pHp Mail parameters being passed, so not sure why it's defaulting to this.
As requested by the comment below, I am adding the "mail" function that is being used. I can confirm there is data within this function, specifically the "$this->headers" which contains a From address.
It should be noticed that I am running the exact same code in a non-containerized environment, and the e-mail gets sent fine so I believe it's a container configuration issue. These are the areas of the php.ini that I have modified. Is there something else I should be looking for?
[mail function]
; For Win32 only.
; http://php.net/smtp
SMTP = localhost
; http://php.net/smtp-port
smtp_port = 25
I changed "localhost" to the smtp server listed on my non-containerized environment, restarted apache in the container, but still recieved the error message above.
I am able to connect to my external SMTP server via telnet using the reference listed in the comments below (thanks #mark91). This is my output/transcript. I should mention that my e-mail was never actually received, however (I listed myself as the recipient). I masked the info with *******'s
telnet smtp.service.******* 25
Trying *******...
Connected to *******.
Escape character is '^]'.
220 ******* ESMTP smtp.service Fri, 31 Oct 2014 14:29:16 -0400
HELO *******
250 ******* Hello [*******], pleased to meet you
MAIL FROM: *******
250 2.1.0 *******... Sender ok
RCPT TO: *******
250 2.1.5 *******... Recipient ok
DATA
354 Enter mail, end with "." on a line by itself
Hello
.
250 2.0.0 s9VITGpm030795 Message accepted for delivery
How are you sending this e-mail in PHP? At least, you might configure correctly your php.ini file in order to put as smtp server the right value. Moreover, if you are using the PHP mail function, you should put as $header parameter a string containing "From: foo#bar.com\r\n"...
I want to check entered email address before registering, I found some solutions in SF but these solutions says we should check MX or SMTP port, but we have some fake emails like :
111111#gmail.com
some.email.address#gmail.com
and ...
when I check the gmail.com domain this domain have MX record and there is no problem but this emails are fake !
Is there any way to ping email address with php?
The only thing you can do is send a confirmation email, and ask user to click a link or provide a code you have sent in this email.
You CAN check for the existence without sending a mail.
After you get the MX record, you can use SMTP protocol to communicate with the server directly.
For example: (the lines starting with > means input. )
> telnet gmail-smtp-in.l.google.com 25
Trying 74.125.129.26...
Connected to gmail-smtp-in.l.google.com.
Escape character is '^]'.
220 mx.google.com ESMTP pa10si7038694pbc.108 - gsmtp
> HELO
250 mx.google.com at your service
> MAIL FROM: <test#test.com>
250 2.1.0 OK rw3si4189390pab.9 - gsmtp
> RCPT TO: <notexists___#gmail.com>
550-5.1.1 The email account that you tried to reach does not exist. Please try
550-5.1.1 double-checking the recipient's email address for typos or
550-5.1.1 unnecessary spaces. Learn more at
550 5.1.1 http://support.google.com/mail/bin/answer.py?answer=6596 rw3si4189390pab.9 - gsmtp
If you replace notexists___#gmail.com with 111111#gmail.com:
> RCPT TO: <111111#gmail.com>
250 2.1.5 OK il2si7046221pbc.91 - gsmtp
In PHP, you can use socket functions to do things above.
NOTICE: This approach may not work on some SMTP servers.
The only way i know to check email-addresses is through sending an email to them.
Why do you need to check the e-mail address beforehands? You could just send them an "activation link" what also prooves not only the existance but the person behind the address.
You can send a confirmation mail, so that you know that address works. If that is not an option, you can check of the domain actually exists. That way you disregard something#non_existing_domain.com
// or use ANY or for other see above link
if (checkdnsrr('non_existing_domain.com', 'A')){ echo 'Domain exists'; }
else { echo 'Domain does not exist'; }
I am almost done with a tool to detect if email is valid or not. I am stuck at small point where I have to detect If mail server or domain has catch-all policy enable.
Catch all: mail server will accept all email even if email address do not exits.
Thank you.
There is no 100% reliable way to detect a catch-all of a mail server you don't control yourself.
The most promising way is to generate a random address in the target domain which is definitely not used as a real account and send a test message.
If you don't get a reject while sending and no bounce to the envelope sender address of your script within a few minutes, there could be a catch-all involved. But it could also simply mean that the target server quarantined or dropped your message or that the bounce didn't make it back to you.
If you go down that road, make sure your tool generates valid messages, with all the necessary headers, has correct dns/helo settings, doesn't use any non-rfc smtp shortcuts, etc. in order not to get filtered.
On a side note: if this tool is going to be public, make sure its properly protected. Tools that automatically send mails are popular targets for abuse.
You can identify domain is catchall or not by using Telnet.
Create invalid email address against that domain.
e.g.
domain : example.com
Email Adddress : dummyemail#example.com, invalid.email#example.com
How to Telnet:
Step 1 - Find mail exchanger or mail server of example.com
Commmand :
nslookup -q=mx example.com
Response:
Non-authoritative answer:
example.com mail exchanger = 10 aspmx.l.google.com.
example.com mail exchanger = 20 alt1.aspmx.l.google.com.
example.com mail exchanger = 30 alt2.aspmx.l.google.com.
example.com mail exchanger = 40 aspmx2.googlemail.com.
example.com mail exchanger = 50 aspmx3.googlemail.com.
Step 2 - Now we know mail server so let connect to it.
Command:
telnet aspmx.l.google.com 25
Response:
Trying 74.125.24.27...
Connected to aspmx.l.google.com.
Escape character is '^]'.
220 mx.google.com ESMTP z79si2772641pfi.381 - gsmtp
Step 3 - Enter helo hi
Command:
helo hi
Response:
250 mx.google.com at your service
Step 4 - Email address from which you telnet to targeted email address
Command:
mail from: <emailaddress#gmail.com>
Response:
250 2.1.0 OK z79si2772641pfi.381 - gsmtp
Step 5 - Target email address which you want to validate
Command:
rcpt to: <targetemailid#example.com>
Response:
250 2.1.5 OK z79si2772641pfi.381 - gsmtp
If you got "ok" for invalid email address then that domain is catchall domain.
A catch-all domain in simple terms means, the server of that company will catch any email sent to that domain, even a non-existent address and store it in a section called the catch-all. When this happens, you have no clue if it’s a legitimate email address or not.