Re: FORMS, validating mail was sent [message #181900 is a reply to message #181897] |
Fri, 21 June 2013 16:59 |
The Natural Philosoph
Messages: 993 Registered: September 2010
Karma:
|
Senior Member |
|
|
On 21/06/13 12:27, Tim Streater wrote:
> In article <kq19lv$pqa$1(at)news(dot)albasani(dot)net>,
> The Natural Philosopher <tnp(at)invalid(dot)invalid> wrote:
>
>> On 21/06/13 10:11, Tim Streater wrote:
>>> In article <51c37641$0$6623$9b4e6d93(at)newsspool2(dot)arcor-online(dot)net>,
>>> Christoph Michael Becker <cmbecker69(at)arcor(dot)de> wrote:
>>>
>>>> Am 20.06.2013 22:46, schrieb Gordon Burditt:
>>>> >> I'm a PHP near-newbie working fairly successfully on creating a
>>>> secure >> PHP e-mail (mail()) function. It occurs to me that the
>> only >> way a user >> knows (thinks) a form has been sent, is that I
>> tell him >> so either in a >> line of code or with a Thank You page.
>>>> > > Since you're a near-newbie, please save the world from having to
>>>> > block email from your server, and DO NOT put any variables in email
>>>> > headers, DO NOT put any variables from the user in email headers,
>>>> > and DO NOT put any variables set in your form in email headers.
>>>> > Put them in the body of the mail.
>>>>
>>>> Or use at least a good email library which caters for security issues
>>>> and other "details" regarding correct headers.
>>>>
>>>> And one should not forget that not everything could be put in the
>>>> message body--at least not without proper setting of some headers.
>>>>
>>>> > Wrong: From: $email
>>>> > Right: From: www-data(at)myserver(dot)hostingco(dot)com
>>>> > > Some servers are going to require that (a) the From: address is
>>>> > local, (b) the From: address is a valid local user, and perhaps (c)
>>>> > the user name must match the user id of the code that called the
>>>> > MTA. In other words, there might be only one correct From: line
>>>> > you're allowed to use.
>>>>
>>>> Indeed, but the OP may *try* if custom From headers are allowed on
>> his
>>>> webspace.
>>>>
>>>> > (For a mailing list to customers, you're stuck with a variable
>>>> > in the To:, Cc:, or Bcc: headers. )
>>>>
>>>> In my limited experience Cc and Bcc headers *might* be blocked by
>> the >> ISP.
>>>
>>> Well you shouldn't be sending a Bcc: header, now, should you? :-)
>>
>> well there is no there way other than sending EACH message
>> INDIVIDULLY that you can hide other members of the mailing list from
>> the intended recipient.
>
> Here's how I do it in my email client wot I rote.
>
> 1) The user (i.e, just me at this point) composes a mail and adds a
> certain number of destination addresses in the To:, cc:, and bcc: fields.
>
> 2) These are then checked for being properly formatted and stored in
> three strings.
>
> 3) At the point the mail is sent, logon to the mail host. Send "MAIL
> FROM <address>" where 'address' is whatever the user types into the
> From field or gets put there automatically if the user selects it.
>
> 4) The three strings from (2) are converted to arrays of addresses and
> sent to the host as a series of "RCPT TO <address>".
>
> 5) Then send "DATA" followed by the headers such as From:, Subject:
> Date:, cc:, any content-type and so on, then a blank line and the
> actual body, encoded and in parts as necessary.
>
>
> So that's one mail sent for all the addresses (above I've left out
> checking returned statuses, timeouts, etc) with no bcc: line sent. So
> all the addresses *could* be put in the bcc: field, with no
> inter-recipient consciousness.
>
in MTA terms there is no Bcc: field at all. That's an MUA masking of the
underlying way SMTP mail works.
The To: and CC: and BBC: headers are parsed to get a list of addresses
which become the envelope address.
The Bcc: fields are removed from the headers, leaving only To: and From:
(and a lot of others)
But the ONLY thing that matters is the RCPT TO transactions when
talking to the MTA. In terms of the message getting there, and the fact
is that many MTAS will dump the message if it has too many RCPT TO
instructionsbefore it gets to 'data'.
And the workaround is to send those message individually. Not as bulk mail.
This is how I do it at PHP level:
$return_path="webmaster(at)xxxc(dot)com";
$from="webmaster(at)xxxc(dot)com";
// get list of addressees
mysql_query("set group_concat_max_len = 8192"); //to avoid truncation
// picks up a comma delimited list of peopole who want to be mailed,
and actually have valid email addresses
$email=mysql_result(mysql_query(sprintf("select 1 as g,
group_concat(email separator ',') as them from people where status>='%d'
and instr(email,'@') group by g",$status)),
0,'them');
//
$headers = sprintf("To: %s\nFrom: %s\nBcc:%s\n", $from, $from,$email);
mail('', $subject, $body, $headers, "-f ".$return_path );
Note the -f.$return_path
If you don't have that set to a valid address, many mailers will reject
your email as spam. You cannot rely on that to be set by the MTA either.
It tends to default to www-data@machine-name
In my case with an exim mailer I had also to set 'don't send multiple
recipient emails' somehow
--
Ineptocracy
(in-ep-toc’-ra-cy) – a system of government where the least capable to lead are elected by the least capable of producing, and where the members of society least likely to sustain themselves or succeed, are rewarded with goods and services paid for by the confiscated wealth of a diminishing number of producers.
|
|
|