I've been googling around for awhile now and have been unable to find any sort of solution or any information at all.
What I need to do is to configure postfix so that when one of our websites sends mail using PHP (via a contact us form or w/e) the mail log will show what the sending website was. This way we can identify a compromised website/form, etc in case one of our IP addresses should get blacklisted. We run virtual hosts so each server could have dozens to hundreds of websites on them. For us to otherwise track them down manually could take forever.
Is this even possible? Perhaps its not if I couldn't find anything on google :(
Consider using PHP 5.3's new mail.log configuration directive. It will allow you to define a log file where all calls to the mail() function are recorded, including the To address, the headers, and the full path to the script that made the call.
If you aren't running 5.3, consider upgrading to it, or to 5.4 once it's out in a few weeks.
Unfortunately this is only half of a solution. There are numerous PHP mail libraries that speak SMTP. If you permit local SMTP connections (as most good web hosting providers should), then users would have a way to bypass that log.
Related
I am hosting my website on https://www.gandi.net/en , thing is they don't allow connections over ssh only sftp.
I have a form on my website and want to allow user to contact me through that form. In other words an e-mail needs to be sent from form#mydomain.com to me#mydomain.com.
In order to do that there are a couple of options I tried, but none of them seems to work:
1) PHP's mail function: doesn't support authentification. In order to send an e-mail from form#mydomain.com I need to authenticate. And that doesn't seem to be possible with the mail-function
2) PHPMailer: I saw many people recommending this solution. I downloaded their sources and had a look. It seems like in order for it to work you need to actually install PHPMailer using composer. I can't run composer via sftp...
What other solutions exist? Or what workaround exists?
Thanks!
2) PHPMailer: I saw many people recommending this solution. I
downloaded their sources and had a look. It seems like in order for it
to work you need to actually install PHPMailer using composer. I can't
run composer via sftp...
You don't need to run composer, just download the PHPMailer files manually and upload it via sftp. Composer just makes it easier to install packages, the PHPMailer itself existed long before Composer was a thing.
If you don't know how to install it without Composer, take a look at this answer.
You can give swiftmailer a try: https://swiftmailer.symfony.com/
It is used by Yii2 Framework as well.
If I am not mistaken, for most if not all PHP extensions, you can integrate it into your website by using composer from your own development machine, and then you'd upload the source using FTP. You don't need to use composer on the host server.
I have used swiftmailer with Yii2 websites on a public host and I didn't have to do any special setup on the host.
If all else fails, change host. Get a refund and use your new host's web transfer services to move with minimum effort.
Looks like if you use a SPF TXT record in your DNS setup for their Simple Hosting package, you should be able to use mail() as-is without having to authenticate to your mail host:
# 10800 IN TXT "v=spf1 ip4:217.70.176.0/21 ip6:2001:4b98:c::/48 ip4:217.70.185.10 ip4:173.246.97.150 ip4:217.70.186.165 ptr ?all"
Source:
http://wiki.gandi.net/en/dns/zone/spf-record
Which has this quote:
This Simple Hosting records is only used if you plan to send e-mails through your website (via contact form, etc..)
After you've submitted each of these changes, be sure to activate the new version of your zone file, and keep in mind that it will take about 3 hours for it to take full effect due to the standard DNS propagation delay.
You can confirm the SPF TXT record is deployed using various online SPF testing tools.
Since a lot of users have the ability to edit StackOverflow posts, I recommend going to the source and copying and pasting the appropriate SPF record directly to avoid shenanigans. Also the Gandi Wiki will always have the latest list of IPs whereas this post may go stale after 6 months.
I recommend Composer-less CubicleSoft Ultimate E-mail Toolkit or one of the other already mentioned libraries over directly using the built-in PHP mail() function. The PHP mail() function is very misleading. It simply drops a properly prepared mail message into the mail queue on the local host. However, e-mail is very complex and really needs a library even for the most basic PHP mail() use-cases.
If you want to use one of the other Composer-enabled libraries but don't want to upload thousands of little rinky-dink files that comes with Composer-enabled software, then check out CubicleSoft Decomposer. Decomposer takes an entire Composer project tree and generates standalone builds with 1-2 files as the output.
I am trying to work with a shared host in which the mail() function was disabled (I can see that on disabled functions on phpinfo()) by someone that I don't know.
All I have access is the root folder for the site files in the ftp, so I can't edited the php.ini in /etc/ neither restart Apache (I know is a linux based OS).
Is there any way I can enable it by a secondary php.ini or ini_set()?
EDIT: I am aware of PHPMailer. I was trying to use it but it was being block as well. That's why I started trying to use mail(). Just to see if it would work
You need to get a new host or upgrade to some different plan.
However you can go ahead with mailgun(https://www.mailgun.com/) which is very cheap and no cost to set up.
You just need to link your credit card for a safety but they never charge you unless you pass 10,000 emails per month(https://www.mailgun.com/pricing).
There are other solutions as well like mandrill or sendgrid. However, Mailgun is almost free unless you are using more transactions emails.
You can find the official mailgun php package in here : https://github.com/mailgun/mailgun-php
You need to check if curl is installed in your server though.
Secondly, trying to send emails directly is not a good practice. Most of the times they will end up getting in spam folder. Use SMTP and use PHPMailer Extention.
Steps to do so :
1. So to cpanel and go to emails
2. Create a new email account and add a password
3. Click on configure mail client related to the new email address you have created
4. You will get 2 tabs, SSL configurations and NON SSL configurations
5. You can choose TLS, copy the outgoing host, email and password.
6. Now install phpmailer and enter the above credentials and try sending email.
7. Also as a safety, go to authentication in your cpanel and check if any issues are mentioned for emails just for safety.
This is an issue I've encountered several time and haven't yet found a decent solution for:
Sending an e-mail from a webserver on e.g. "domain.com", to info#domain.com which is hosted on an external mail server e.g. Google Mail
In my case I always send from PHP over Apache and often on shared hosting, but I can imagine this is the same case on other frameworks.
These e-mails always seem to be delivered to the local mail server, even if I set the MX records on that server to point to the right external mail server.
A solution for this is to use an external SMTP server, but this isn't always easy when you're working with clients that either need to set-up a new e-mail account on their server and provide the SMTP details or sign-up for a third-party SMTP server.
What is the solution for this? Is there no way around SMTP?
Most emai/MTA server "autoconfigure" themselves. They guess list of local email domains (doimans with locally hosted mailboxes).
In sendmail case you can turn it off adding the following line in sendmail.mc:
define(`confDONT_PROBE_INTERFACES', `True')
Documentation : cf/README - confDONT_PROBE_INTERFACES
I have had the same issue many many times (in my case using PHP on a LAMP stack).
Try/check the following.
If you are using cPanel or similar, set the MX records to the external mailserver (Google apps etc).
Set up an SPF record to allow your hosting website to send email (this way no need to configure SMTP).
This may not be applicable but if you are using something like phpmailer. Set the property $mail->isMail(); so it tries to use your SPF allowed local mail() function to send the email. Sorry for going off into very specific advice, but might help in your particular situation.
Worth checking there are not similarly named local mailboxes on your hosting box.
Hope this helps!
I have a website that receives incoming emails via cloudmailin, adds the content to the database, and then sends a confirmation email back to the person who sent the email. Currently I'm using a php mail() function to send the reply, but it seems to take about 1.5 min to actually get to the user's inbox. Is there a way to make this more instantaneous? I'm currenly hosting the application on FatCow, and I'm sure it has to do with their mail server, but I don't really know much about how that works and am wondering if I have to change hosts to accomplish faster delivery times or if I can do anything about it without switching.
mail() is a black box. You're telling PHP to try sending a mail however the host has configured PHP to do so.
It's very likely that it's just calling sendmail in your case. It's also very likely that the mail queue on that machine isn't the fastest in the world. Shared hosting machines are often overloaded.
The very first thing you should do is ask your host about the mail delay. Perhaps something is wrong, and they can fix it. Or they might just tell you that a minute and a half is not a long time to wait.
There are lots of other options, mostly in the form of companies that provide an SMTP service to you. I can't recommend one, but I can recommend that you pop over to your favorite search engine and look for "smtp service." I've recently starting working with Amazon Simple Email Service. It's supposed to be fast and well-maintained, and it's certainly inexpensive.
All of those options are likely going to require some configuration changes on your end. For example, you'll want to set up custom DNS records (for DKIM and SPF) to ensure that mail from a third party provider isn't automatically flagged as spam.
Using SMTP with PHP is dead easy. There are plenty of mail generating options out there. My personal favorite is SwiftMailer. It even has a transport option for Amazon SES.
The final option, of course, is grabbing your own virtual private server or dedicated server, which will let you configure outgoing mail as you desire, at the cost of needing to know how to maintain that server.
Edit: Obligatory link to relevant Coding Horror post.
I have some problems with the email system for CodeIgniter:
First, the emails I send out (registration, confirmations) are getting caught in standard spam filters in gmail and other mail clients. How do I get around this? How do companies like Facebook get their emails through consistently?
Second, the mailer is working locally but once we deploy it it no longer runs (doesn't send emails) but all the other forms run just fine. Anyone ever run into a problem like this?
Thanks for all the help!
I can't really answer your first question - it's not specific to CodeIgniter. You just need to make sure your email doesn't look like spam. In short - there's no way of guaranteeing your e-mail will not end up in a spam filter.
As for the second question, I expect your production server needs to be configured properly for email. You probably need to configure CodeIgniter to send email properly. I would suggest setting up an SMTP server (or using an existing one) rather than using the standard PHP mail which I think CodeIgniter uses by default.
Regarding spam, most organisations are very secretive about how they prevent spam (not wanting to publish information which helps the spammers) and in some cases they don't actually know - an obvious examlpe of this is bayesian filtering - but, for example, hotmail use a completely unaccountable army of volunteers to manually classify emails.
Do and get a copy of spamassassin and try to reverse engineer how the standard rules work. Obvious things to check are:
1) AVOIDING LOTS OF CAPITALS
2) don't mention the 'V' word
3) make sure you've got a current and restrictive SPF 1.0 policy published
4) make sure your sending from an address which has A and PTR DNS records
5) Do provide a reply-to and from email address which use your domain in the address
the mailer is working locally but once we deploy it it no longer runs
doesn't send emails
Which? These are 2 totally seperate things. If the code is falling over (if so why have you not provided the error details) then its likely a PHP version issue or a problem with the connection to the MTA (or the PHP mail config).
The latter is a problem with the MTA itself.
99.9% of problems reported as PHP mail failures have nothing to do with PHP and are problems with the MTA.
Enabled detailled error reporting for your MTA and see where it is failing.
C.
You may have to configure the email on your server differently than your local development environment. I've had to in the past.
There are two basic ways that PHP can send mail:
Via a UNIX program called "sendmail" (only on non-Windows servers and only if it is installed - check with your hosting provider)
Via a SMTP server.
If you've configured CodeIgniter to use SENDMAIL, check to ensure that the Sendmail path is correct. Your hosting provider usually provides this somewhere in their online documentation.
If you're using SMTP, you need to make sure that your server can contact the SMTP server. You can do this by logging into the server via SSH and typing "telnet your.smtpserver.com 25". If you get an error message about not being able to connect, you know you have a problem with your hosting provider connecting to your mail server.
I've been able to diagnose this problem by enabling logging on my production server (http://bit.ly/4pprd6) and adding log_message('error', $this->email->print_debugger()) right after I attempt to send a message.