Alright, this may take a moment or two to explain:
I'm working on creating an Email<>SMS Bridge (like Teleflip). I have a few set parameters to work in:
Dreamhost Webhosting
PHP 5 (without PEAR)
Postfix
MySQL (If Needed)
What I have right now, is a catch-all email address that forwards the email sent to a shell account. The shell account in turn forwards it to my PHP script.
The PHP script reads it, strips a few Email Headers in an effort to make sure it sends properly, then forwards it to the number specified as the recipient. 5551234567#sms.bridge.gvoms.com of course sends an SMS to +1 (555) 123-4567.
This works really well, as I am parsing the To field and grabbing just the email address it is sending to. However, what I realized that I did not account for is multiple recipients. For example, an email sent to both 5551234567 and 1235554567 (using the To line, the CC line, or any combination of those).
The way email works of course, is I get two emails received, end up parsing each of them separately, and 5551234567 ends up getting the same message twice.
What is the best way to handle this situation, so that each number specified in TO and CC can get one copy of the message.
In addition, though I doubt its possible: Is there a way to handle BCC the same way?
If you check the headers of the mail, you should find a Message-ID field (according to RFC2822 - section 3.6.4). So you could test if you have already sent an SMS for a mail with the same Message-ID & phone number to prevent sending the same message to the same number twice.
Why not use something like imap to check the catch-all mailbox, loop through the messages and then delete them once finished? That way you don't need to forward them to a seperate account.
Stupid dirty solution: parse all recipients from the mail, then send them SMS, then put em all into temporary table with md5 of message text. And check all incoming mails against this table.
Although wimvds had the best answer here, I found out elsewhere that Dreamhost includes a "X-DH-Original-To" header in the way I'm running it through the system. Using this, I'm able to send to each number individually upon receipt of the email without checking it against a database. This should also work with Blind Carbon Copy (I don't know the specifics of how email works enough to tell you how that works).
Related
I need to create a system that will pipe incoming emails to a PHP script, then get rid of the email. Technically, I don't want these email addresses to actually exist. I would want to validate the email address by checking a database. So if I have a database with say 100 email addresses (i.e. 2323#mydomain.com), the PHP script would parse the email, store the contents in a database for later use, and then discard the email.
I piped emails to a PHP script in the past and parsed the email. However, my understanding of this requires the email address to exist.
I figure a catch-all account would be a bad idea, as SPAM could account for the majority of incoming emails, which I have no use for.
I could create the emails dynamically perhaps, if that is even possible with PHP, but again, I don't actually need to store the incoming email. Eventually the server would get bogged down with emails that I have no use for, especially since the contents would be stored in a database.
There will be no manual management of the incoming emails. Everything would be automated. While I'm sure I could use the PHP imap extension to delete emails say every 30 days, this seems unnecessary.
Any suggestions on the best setup for this?
Automation of email address creation or wildcard catch
Parsing of email, storing and discarding
Please have a look at a GitHub Project PHPMailer and the documentation is available here.
You can also try sendgrip, another good SMTP mailer for PHP.
These projects do not have a direct functions to delete e-mails, however, you will have to bake your own code extending some of the classes. Good Luck!
See http://harrybailey.com/2009/02/send-or-pipe-an-email-to-a-php-script/ for an excellent article that explains how to pipe incoming mail to a PHP script. You should be able to configure your MTA with a wildcard on your domain (so that it accepts mail to anyaddress#yourdomain.tld) and forward each incoming message to your PHP script. Your PHP script can then pickup the sender, recipient, subject, etc., query your database, and process the message accordingly.
I'm confused about how mail works in PHP and CakePHP.
1.) What is the difference between sending an email either using the PHP mail function / CakePHP email helper or SMPTP as shown here: http://book.cakephp.org/1.3/en/view/1290/Sending-A-Message-Using-SMTP as the outcome looks the same?
2.) To specify who the email is coming from, you pass in the email in the header, but you can put whatever you want, so what is stopping you from just putting in anything? like yourbank.com? mail('you#gmail.com', "Subject", "Message", "From: <dave#yourbank.com>"); I just tried it and it worked fine and I couldn't find out anyway in Gmail to see if it didn't come from dave at yourbank.com...
Hopefully I can get some light on these two questions. Thanks.
1). CakePHP has a bunch of helpers & functionality implemented to make life easier when developing applications. As you've discovered, Cake has mail functionality. I suggest reading this whole page http://book.cakephp.org/2.0/en/core-utility-libraries/email.html (It's 2.0 not 1.3, so please not there have been some big alterations between the two versions). The article covers in depth on why you may configure something in a particular manner.
CakePHP is using the default mail function with PHP. It's just allow you to incorporate views into the content and configure the outgoing mail in a much easier manner.
2) As for putting in potentially any email address within the From Header.... this can potentially fall under the category of Email Spoofing, essentially sending an email when it's not authorized from the source (From Header). Again this links back to configuring specific mail servers.
By default mail clients and generally setup to prevent spam and junk, this is done by taking a large amount of steps. Some may be..
Keyword checking, (Checking the contents of an email for any
keywords classified as spam).
Header checking, <--- This is the one that answers your
question.
Essentially... headers are examined and checked to see if the server that the mail was sent from has the authority to use the given from address.
As I don't have enough technical knowledge, i'll throw a few pages your way which discuss setting up records against your DNS/Domain so emails are validated correctly and not put within spam folders.
http://www.ipswitch.com/support/imail/guide/imailgsv8.1/Appendix%20A%20dns4.html
http://help.postageapp.com/kb/application-features/dkim-and-spf-setup-and-validation
How to properly set up DNS SPF records?
I hope my jumbled ramblings make some sort of sense.
Question 1: PHP mail function uses your own server's built in email functionality to send email. If you use SMTP, you're connecting to another server (eg. Google's mail servers) and using that server to send the email.
CakePHP's email component can use either PHP mail, or SMTP, depending on how you configure it.
The outcome is basically the same in many respects. Which way is best for you will depend on your set up, the volume of email you're sending, whether your own server has any restrictions with regards to sending mail, etc. If you Google "PHP mail versus SMTP" or similar, then you'll get some info to help you decide which is best for you.
If you're not sending much email, eg. if you're just wanting to send the results of an enquiry form that gets submitted a few times each day, then just use PHP mail and don't worry about it.
Question 2: Although email programs put various measures in place to make sure mail is legitimate, basically nothing stops fake emails completely. You can send Fake email. Check out this site: http://deadfake.com/Send.aspx and in particular, their FAQ section: http://deadfake.com/FAQ.aspx
Spam filters do their best to catch fake emails, but ultimately it's up to the end user to keep their wits about them, especially with banking emails!
I'm currently trying to design a PHP webapp that allows users to send emails to other users. The recipient can then reply to the email and the message will be updated in the webapp.
Now to keep track of each individual user message, I would like to add a custom header (ie. conversation_id) in the email. When the recipient replies to the email in their email client, will the custom mail header (ie. conversation_id) be preserved?
There will be cron job that executes every minute that opens a POP3 stream to the web server to retrieve new emails (replies that the user may have sent with their mail client) to update my DB.
I'm not sure if this is a good way for designing such an app. Any suggestions?
EDIT: Also, I'm sure wondering how I can strip out the quoted messages in the reply?
You can't rely on mail headers being preserved - it is pretty much up to the individual mail client to decide what to include.
I would generally put the conversation ID within [] brackets in the subject which makes it really easy to parse out with a regular expression.
Each message already contains the Message-ID field which is used by the mail clients to create the content of the In-Reply-To field.
Wouldn't the usual way after the standards be to rely on the user's mail client setting the in-reply-to field correctly? As far as I know, all email client use this correctly. (even though according to this thread Outlook may have an occasional bug?)
So I think, emails already feature this and you don't have to worry about creating a custom mail header entry and unpredictably behaving mail clients.
EDIT: I rembember a friend telling me his frustration from work about how many people remove or even edit these Tags in [ ] brackets from the suject field. Also, it seems to be a very dirty work-around and all of your software would need to handle it without opposing it to the users ability to change it => practically impossible.
EDIT: I think it will be hard to reliably strip out the quoted message in the reply, because each mail client handles it differently.
I am writing an admin notification sytem for my custom CMS. So I am planning of adding a bcc to all the users of sites. So here are my questions?
Is bcc better than the foreach($user){mail()} function? in terms of server resource usage?
How many bcc's will the server support?
Thank you.
A direct mail to a user is usually the 'nicer' option, as it allows you to personalize it. The advantage for you is that you may get the chance to get some feedback by adding a unique id for each mail to each url that links back to your site. Using bcc is just one mail (from the view of your php server), but you shouldn't really worry about server resources here.
Limits for bcc seem to depend on your provider. I have seen limits ranging from 5 too 500.
Sending too many mails at once may also not work due php processing time limits. For many users you will have to split the sending in both cases.
PHP is just the transporter of your request to the SMTP Server, so there is no limitations in PHP What so ever.
You can check your SMTP Servers limitations to see how many you can actually attach the the email.
using bin carbon copies will not really save you that much resources as the SMTP Server Still has to send an email to all attached recipients, this being said the only thing BCC Does for you is hide the email addresses in each email dispatched.
BCC is, lets say, hidden recipients. So if you'll add recipients to BCC users will receive your message, but their emails will not be displayed in "to" or "copy" list.
Max count of BCC recipients depends on mail server.
Well, this only works if you send the exactly same message with no personal/individual information in it, like all would receive this same message:
hello world
and not
Dear Mr. XY
or
Dear Ms. AB
I have seen on some sites where the user can simply send a blank e-mail to something like verify#domain.com to have their e-mail verified if they are having trouble getting the verification e-mail. I have a website with PHP/MySQL that I'd like to implement this same functionality, but I haven't done much with e-mail besides sending it so I don't even know where to start to set something like this up.
Basically if your mailbox is an IMAP you could reference these functions via PHP http://www.php.net/manual/en/ref.imap.php (if enabled, check your phpinfo()) and read that specific mailbox (http://www.php.net/manual/en/function.imap-open.php).
Run a cronjob every 10 minutes maybe (I say 10minutes as I dont see many people doing this), loop thru all the emails (if any), run your logic to verify that email account, send them an email to say its been verified, then delete that email item from your account so you are not creating a massive backlog of emails.
Its risky way of wanting someone to verify but this is probably one way of doing it.
If your host allows you to, you can pipe received email to a program (in your case, a PHP script), which could then parse the message and decide what to do.
However, I agree that this isn't very secure. It would be very easy to spoof the sender, unless you implement DomainKey checking or DNS lookups.