| Re: FORMS, validating mail was sent [message #181906 is a reply to message #181901] |
Fri, 21 June 2013 22:43   |
The Natural Philosoph
Messages: 993
Registered: September 2010
Karma:
|
Senior Member |
|
|
On 21/06/13 18:25, Tim Streater wrote:
> In article <kq20q8$9cc$1(at)news(dot)albasani(dot)net>,
> The Natural Philosopher <tnp(at)invalid(dot)invalid> wrote:
>
>> On 21/06/13 12:27, Tim Streater wrote:
>>> In article <kq19lv$pqa$1(at)news(dot)albasani(dot)net>,
>>> The Natural Philosopher <tnp(at)invalid(dot)invalid> wrote:
>>>
>>>> On 21/06/13 10:11, Tim Streater wrote:
>>>> > In article <51c37641$0$6623$9b4e6d93(at)newsspool2(dot)arcor-online(dot)net>,
>>>> > Christoph Michael Becker <cmbecker69(at)arcor(dot)de> wrote:
>>>> >
>>>> >> Am 20.06.2013 22:46, schrieb Gordon Burditt:
>>>> >> >> I'm a PHP near-newbie working fairly successfully on
>> creating a >> >> secure >> PHP e-mail (mail()) function. It occurs to
>> me that the >> only >> way a user >> knows (thinks) a form has been
>> sent, is that I >> tell him >> so either in a >> line of code or with
>> a Thank You page.
>>>> >> > > Since you're a near-newbie, please save the world from
>> having to
>>>> >> > block email from your server, and DO NOT put any variables in
>> email
>>>> >> > headers, DO NOT put any variables from the user in email
>> headers,
>>>> >> > and DO NOT put any variables set in your form in email headers.
>>>> >> > Put them in the body of the mail.
>>>> >>
>>>> >> Or use at least a good email library which caters for security
>> issues
>>>> >> and other "details" regarding correct headers.
>>>> >>
>>>> >> And one should not forget that not everything could be put in the
>>>> >> message body--at least not without proper setting of some headers.
>>>> >>
>>>> >> > Wrong: From: $email
>>>> >> > Right: From: www-data(at)myserver(dot)hostingco(dot)com
>>>> >> > > Some servers are going to require that (a) the From:
>> address is
>>>> >> > local, (b) the From: address is a valid local user, and
>> perhaps (c)
>>>> >> > the user name must match the user id of the code that called the
>>>> >> > MTA. In other words, there might be only one correct From: line
>>>> >> > you're allowed to use.
>>>> >>
>>>> >> Indeed, but the OP may *try* if custom From headers are allowed
>> on >> his
>>>> >> webspace.
>>>> >>
>>>> >> > (For a mailing list to customers, you're stuck with a variable
>>>> >> > in the To:, Cc:, or Bcc: headers. )
>>>> >>
>>>> >> In my limited experience Cc and Bcc headers *might* be blocked
>> by >> the >> ISP.
>>>> >
>>>> > Well you shouldn't be sending a Bcc: header, now, should you? :-)
>>>>
>>>> well there is no there way other than sending EACH message >>
>> INDIVIDULLY that you can hide other members of the mailing list from
>>>> the intended recipient.
>>>
>>> Here's how I do it in my email client wot I rote.
>>>
>>> 1) The user (i.e, just me at this point) composes a mail and adds a
>>> certain number of destination addresses in the To:, cc:, and bcc:
>> fields.
>>>
>>> 2) These are then checked for being properly formatted and stored
>> in > three strings.
>>>
>>> 3) At the point the mail is sent, logon to the mail host. Send
>> "MAIL > FROM <address>" where 'address' is whatever the user types
>> into the > From field or gets put there automatically if the user
>> selects it.
>>>
>>> 4) The three strings from (2) are converted to arrays of addresses
>> and > sent to the host as a series of "RCPT TO <address>".
>>>
>>> 5) Then send "DATA" followed by the headers such as From:, Subject:
>>> Date:, cc:, any content-type and so on, then a blank line and the >
>> actual body, encoded and in parts as necessary.
>>>
>>>
>>> So that's one mail sent for all the addresses (above I've left out
>>> checking returned statuses, timeouts, etc) with no bcc: line sent.
>> So > all the addresses *could* be put in the bcc: field, with no >
>> inter-recipient consciousness.
>>>
>> in MTA terms there is no Bcc: field at all. That's an MUA masking of
>> the underlying way SMTP mail works.
>
> Quite.
>
>> The To: and CC: and BBC: headers are parsed to get a list of
>> addresses which become the envelope address.
>
> I may do some experiments where I'll do the RCPT-TO correctly but put
> junk in the To: and cc: headers to see what happens. I have found that
> it doesn't always matter what the From: header says. I was able to
> change it to mickey(dot)mouse(at)example(dot)com and the mail arrived at the
> destination.
>
>> mail('', $subject, $body, $headers, "-f ".$return_path );
>
> I don't use mail(). I've rolled my own, which seems to work.
>
yes., well in which case its the MAIL FROM: command which is crucial in
the smtp conversation.
MTAS generally ONLY respond to RCPT TO to get the message moved along
and the MAIL FROM to determine its come from a real person. They will
normally check MX records for that domain and may even send a null
message to it to check it exists. If not it may junk the mail. Because
its unbounceable, so norally its rejected right at te start.
The headers are completely ignored unless to be rewritten (rare these
days) or to be added to.
--
Ineptocracy
(in-ep-toc’-ra-cy) – a system of government where the least capable to lead are elected by the least capable of producing, and where the members of society least likely to sustain themselves or succeed, are rewarded with goods and services paid for by the confiscated wealth of a diminishing number of producers.
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]