(PHP 4, PHP 5)
mail — E-Mails senden
Sends an email.
Empfänger (einer oder mehrere) der E-Mail.
Die Formatierung dieses Strings muss nach » RFC 2822 erfolgen. Beispiele:
Betreff der E-Mail.
Die Formatierung dieses Strings muss nach » RFC 2047 erfolgen.
Die zu sendende Nachricht.
Jede Zeile muss durch ein LF-Zeichen (\n) getrennt werden. Außerdem sollten die Zeilen nicht mehr als 70 Zeichen enthalten.
(Nur unter Windows:) Falls PHP direkt mit einem SMTP-Server kommuniziert und wenn ein Punkt (.) an einem Zeilenanfang steht, wird dieser Punkt entfernt. Um das zu verhindern, können Sie diese Punkte durch zwei Punkte ersetzen.
<?php
$text = str_replace("\n.", "\n..", $text);
?>
String, der am Ende des E-Mail-Headers eingefügt werden soll.
Dies kann benutzt werden, um zusätzliche Header-Angaben wie From, Cc oder Bcc anzugeben. Falls mehrere solcher zusätzlichen Header-Angaben angegeben werden soll, müssen diese durch ein CRLF-Zeichen (\r\n) getrennt werden.
Hinweis:
Um eine E-Mail zu senden, muss die E-Mail einen From-Header enthalten. Dies kann entweder durch Setzen eines additional_headers-Parameters oder durch Setzen eines Standardwertes in der php.ini geschehen.
Falls dies nicht geschieht, wird eine Fehlermeldung ähnlich wie Warning: mail(): "sendmail_from" not set in php.ini or custom "From:" header missing ausgegeben. Der From: Header setzt unter Windows auch den Return-Path: Header.
Hinweis:
Wenn E-Mails nicht ankommen, versuchen Sie bitte, nur das LF-Zeichen (\n) zu verwenden. Einige UNIX-MTAs (mail transfer agents) ersetzen leider LF durch CRLF (\r\n) automatisch (wodurch das CR-Zeichen verdoppelt wird, wenn CRLF verwendet wird). Dies sollte aber nur in Ausnahmefällen geschehen, da es gegen » RFC 2822 verstößt.
Der additional_parameters-Parameter kann benutzt werden, um zusätzliche Parameter an das Programm zu senden, das für den E-Mail-Versand konfiguriert ist (wenn die sendmail_path-Einstellung verwendet wird). Zum Beispiel kann hiermit die "envelope sender address" (Absenderadresse) gesetzt werden, wenn sendmail mit der -f-Option benutzt wird.
Der Benutzer, unter dem der Webserver läuft, sollte als bekannter Benutzer in der sendmail-Konfiguration eingetragen werden, um zu verhindern, dass ein 'X-Warning'-Header zu den E-Mails hingefügt wird, wenn mit dieser Methode (-f) der Absender gesetzt wird. Sendmail-Benutzer finden diese Datei hier: /etc/mail/trusted-users.
Gibt TRUE zurück, wenn die E-Mail erfolgreich für den Versand akzeptiert wurde, sonst FALSE.
Dass eine E-Mail für den Versand akzeptiert wurde, bedeutet nicht, dass sie auch wirklich den gewünschten Empfänger erreichen wird.
Version | Beschreibung |
---|---|
4.3.0 (nur Windows) | Alle benutzerdefinierten Header wie (From, Cc, Bcc und Date) werden unterstützt und sind nicht abhängig von der Groß-/Kleinschreibung. (Da benutzerdefinierte Header nicht direkt vom MTA interpretiert werden, sondern von PHP geparst werden, unterstützte PHP < 4.3 nur den Cc-Header, das dort auch abhängig von der Groß-/Kleinschreibung war. |
4.2.3 | Der additional_parameters-Parameter ist im safe_mode deaktiviert; mail() gibt eine Warnung aus und gibt FALSE zurück, wenn Sie den Parameter trotzdem verwenden. |
4.0.5 | Der additional_parameters-Parameter wurde hinzugefügt. |
Beispiel #1 Verschicken einer E-Mail.
mail() wird benutzt, um eine einfache E-Mail zu versenden:
<?php
// Die Nachricht
$nachricht = "Zeile 1\Zeile 2\Zeile 3";
// Falls eine Zeile der Nachricht mehr als 70 Zeichen enthälten könnte,
// sollte wordwrap() benutzt werden
$nachricht = wordwrap($nachricht, 70);
// Send
mail('benutzer@example.com', 'Mein Betreff', $nachricht);
?>
Beispiel #2 Verschicken einer E-Mail mit zusätzlichen Headern.
Hier werden einfache Header gesetzt, um dem MUA (mail user agent, z.B. ein E-Mail-Programm) die From- und die Reply-To-Adressen mitzuteilen:
<?php
$empfaenger = 'niemand@example.com';
$betreff = 'Der Betreff';
$nachricht = 'Hallo';
$header = 'From: webmaster@example.com' . "\r\n" .
'Reply-To: webmaster@example.com' . "\r\n" .
'X-Mailer: PHP/' . phpversion();
mail($empfaenger, $betreff, $nachricht, $header);
?>
Beispiel #3 Verschicken einer E-Mail mit einem zusätzlichen Kommandozeilen-Parameter.
Der additional_parameters-Parameter kann benutzt werden, um zusätzliche Parameter an das über sendmail_path konfigurierte Programm zu senden.
<?php
mail('niemand@example.com', 'Betreff', 'Nachricht', null,
'-fwebmaster@example.com');
?>
Beispiel #4 Verschicken einer HTML-E-Mail.
Auch HTML-E-Mails können mit mail() versendet werden.
<?php
// mehrere Empfänger
$empfaenger = 'max@example.com' . ', '; // beachten Sie das Komma
$empfaenger .= 'moritz@example.com';
// Betreff
$betreff = 'Geburtstags-Erinnerungen für August';
// Nachricht
$nachricht = '
<html>
<head>
<title>Geburtstags-Erinnerungen für August</title>
</head>
<body>
<p>Hier sind die Geburtstage im August:</p>
<table>
<tr>
<th>Person</th><th>Tag</th><th>Monat</th><th>Jahr</th>
</tr>
<tr>
<td>Julia</td><td>3.</td><td>August</td><td>1970</td>
</tr>
<tr>
<td>Tom</td><td>17.</td><td>August</td><td>1973</td>
</tr>
</table>
</body>
</html>
';
// für HTML-E-Mails muss der 'Content-type'-Header gesetzt werden
$header = 'MIME-Version: 1.0' . "\r\n";
$header .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
// zusätzliche Header
$header .= 'To: Simone <simone@example.com>, Andreas <andreas@example.com>' . "\r\n";
$header .= 'From: Geburtstags-Erinnerungen <geburtstag@example.com>' . "\r\n";
$header .= 'Cc: geburtstagsarchiv@example.com' . "\r\n";
$header .= 'Bcc: geburtstagscheck@example.com' . "\r\n";
// verschicke die E-Mail
mail($empfaenger, $betreff, $nachricht, $header);
?>
Hinweis:
Wenn Sie HTML- oder komplexe E-Mails versenden möchten, sollten Sie das PEAR-Paket » PEAR::Mail_Mime verwenden.
Hinweis:
Die Windows-Implementierung vonmail() unterscheidet sich auf mehrere Arten von der Unix-Implementation. Zum einen benutzt sie kein lokales Programm, um die Mails zu erstellen, sondern sie arbeitet auf Sockets. D.h., dass ein MTA benötigt wird, der auf einem Netzwerk-Socket lauscht (entweder auf dem eigenen oder einem entfernten Rechner).
Zum anderen, werden die benutzerdefinierten Header wie From:, Cc:, Bcc: und Date: nicht direkt durch den MTA interpretiert, sondern zunächst von PHP geparst.
Daher sollte der to-Parameter keine Adresse der Form "Irgendwas <irgendwer@example.com>" enthalten, da dies von PHP möglicherweise nicht korrekt an den MTA übergeben werden kann.
Hinweis:
E-Mails mit Anhängen und speziellen Inhalten (wie HTML) können mit dieser Funktion versendet werden. Dazu wird MIME-Encoding verwendet. Weitere Informationen dazu finden Sie in einem » Zend-Artikel und in den » PEAR-Mime-Klassen.
Hinweis:
Bitte beachten Sie, dass die mail()-Funktion nicht dazu geeignet ist, große Mengen von E-Mails in einer Schleife zu senden, da die Funktion für jede E-Mail ein SMTP-Socket öffnet und schließt, was nicht sehr effizient ist.
Um große Mengen von E-Mails zu senden, schauen Sie sich bitte die PEAR-Pakete » PEAR::Mail und » PEAR::Mail_Queue an.
Hinweis:
Die folgenden RFCs könnten nützlich für Sie sein: » RFC 1896, » RFC 2045, » RFC 2046, » RFC 2047, » RFC 2048, » RFC 2049 und » RFC 2822.
If mail() encounters an error, it just returns false. To find why, we need to discover where the sendmail command put its error. On Linux, this is usually /var/log/messages.
The mail errors don't end up in /var/log/httpd/errors (because apache doesn't know that /usr/sbin/sendmail returning false is an error), nor in /var/log/mail/ (because the email never got as far as postfix, and no SMTP/delivery error occurred.)
If you use mutt, do as below,
/usr/bin/mutt -s '$subject' -f /dev/null -e 'set copy=no' -e 'set from = "{$GLOBALS[cfg][email_from]}"' -a '$attach_file_full_path' '{$GLOBALS[cfg][email_to]}' </dev/null 2>&1;
it seams to be better, to terminate additional headers neither with "\n" nor with "\r\n", but to terminate them with the php constant PHP_EOL.
The benefit is: this works fine as well on a LINUX based Host as on a Windows based host.
As final result there must be produced a mail file fulfilling the RFC2822 ff.
On a Linux system therfore in headers linebreaks like "\n" are required due to the sendmail script transforming them to "\r\n" (means CRLF).
On a Windows system the mail function speaks directly to the SMTP Server (port 25) and therefore in headers linebreaks like "\r\n" (means CRLF) are required at once. Nobody else would care for transformation.
If you use the constant PHP_EOL instead of own character sequences, the php installation will take care for the required line ending as well on Linux as on Windows installations.
We had a LAMP setting with postfix as mail system. Our additional headers were not interpreted correctly by a receiving mailserver (Exchange/ENOD32) and a newline was inserted after the first additional header.
It turns out that a internet/dos style newline (\r\n) in the headers were converted to \r\r\n (ie: something mindlessly replaced all \n with \r\n without seeing if \n was already preceded by \r)
I don't know if this is something in PHP or postfix, but seeing the comments below I suspect it is something of PHP on *NIX in combination with non-sendmail mailers.
So, use your 'local' newline style for additional headers, as opposed to the examples above.
I don't know if this is a bug anywhere. I don't know which element exactly does the unix2dos translation. If it is PHP, it should only replace ([^\r])\n with \1\r\n
Italian users cursing against "È" and other uppercase-accented-vowels ("vocali maiuscole accentate"") in subjects! While the lowercase ones ("è", "é" and so on) work as expected, qmail doesn't handle the uppercase ones.
To fix it, the only way I found was this:
<?php
function mail_utf8($to, $subject = '(No subject)', $message = '', $header = '') {
$header_ = 'MIME-Version: 1.0' . "\r\n" . 'Content-type: text/plain; charset=UTF-8' . "\r\n";
mail($to, '=?UTF-8?B?'.base64_encode($subject).'?=', $message, $header_ . $header);
}
?>
It should apply to other languages too.
If you are using SSMTP, pay attention to the "If messages are not received, try using a LF (\n) only" note above about "poor quality MTAs", since it appears that SSMTP currently exhibits this behavior in version 2.62-r7.
This appears to be mentioned in this Debian bug report:
http://preview.tinyurl.com/2fqxswv
The mail function will stop including headers if you misspell one of them. It doesn't report an error, it just puts the offending header and all that follow it in the body of the message. My great transgression was using MIME Version instead of MIME-Version, a lapse which cost me several hours.
Make sure you enclose \r\n in double quotes (not single quotes!) so that PHP can translate that into the correct linefeed code
Outlook 2007 seemed to be a little finicky with me to have carriage returns in the headers. So any \r\n resulted in messages that had default apache messages sent over to me.
As soon as I removed \r from all of the headers, the script started working fine. Hope that helped.
Note: On some windows platforms this is NOT thread safe.
We are having email message bodies being sent out to the wrong headers multiple times, some failing to send, and other bizarre stuff. If you google search for "php mail thread safe" you can find a ton of relevant information.
This is not a bug in php, there have been multiple bugs closed with this issue being dismissed as not an issue with PHP.
RFC-2822 is quite explicit, that "Though some message systems locally store messages in this format (which eliminates the need for translation between formats) and others use formats that differ from the one specified in this standard, local storage is outside of the scope of this standard."
And it is not just "some", but most Unix mailers choke when you try pipe CRLF instead of Unix line endings to "sendmail" command. PHP is using line endings as is, so you have better chances for success if you use Unix file format or line endings.
It is important to filter the form input to prevent header injection. Here is a simple way:
<?php
# Anti-header-injection - Use before mail()
# By Victor Benincasa <vbenincasa(AT)gmail.com>
foreach($_REQUEST as $fields => $value) if(eregi("TO:", $value) || eregi("CC:", $value) || eregi("CCO:", $value) || eregi("Content-Type", $value)) exit("ERROR: Code injection attempt denied! Please don't use the following sequences in your message: 'TO:', 'CC:', 'CCO:' or 'Content-Type'.");
?>
--
Alex M.
Bare LFs in SMTP
Use This
<?php
// Fix any bare linefeeds in the message to make it RFC821 Compliant.
$message = preg_replace("#(?<!\r)\n#si", "\r\n", $message);
// Make sure there are no bare linefeeds in the headers
$headers = preg_replace('#(?<!\r)\n#si', "\r\n", $headers);
?>
A quick note about the optional flags that can be passed to sendmail. -f will set the From address, -r will override the default Return-path that sendmail generates (typically the From address gets used). If you want your bouncebacks to go to a different address than the from address, try using both flags at once: "-f myfromemail@example.com -r mybounceemail@example.com"
An observation about safe_mode and mail()
It looks like multiple \r\n's are replaced by a single \r\n inside the string passed to "additional_headers". I can only re-produce this on a box running with safe_mode enabled.
If (for some reason) your script crafts the entire email message in the headers, this will most likely produce a blank email on safe_mode boxes (like this script I've been trying to get working).
I was having trouble with the newline and carriage return characters when using the mail function in a custom script within Joomla since the stupid input validations kept stripping them (changed "/r/n" to "rn").
To get around this, I used chr(13) and chr(10) to insert them.
<?php
$headers .= 'To: Mary <mary@example.com>, Kelly <kelly@example.com>' . chr(13) . chr(10);
$headers .= 'From: Birthday Reminder <birthday@example.com>' . chr(13) . chr(10);
?>
Hope that helps someone.
I recently had an issue where the mail() function would work fine from the php cli but not from apache.
I eventually traced this down to the fact that I was using apparmor
Specifically, I configured apparmor to deny the apache user the ability to use /bin/dash
After changing apparmor to /bin/dash rix
and reloading the apparmor profile, mail worked
In other words, mail requires the account/program executing the script to be able to use /bin/dash
I hope this helps someone
UTF-8 and QMail
This function should work for all of you, who want to switch to UTF-8 email - especially if using Qmail as Mailserver.
QMail seems to have problems with the "\r\n" in the header section. I found it helpful to replace them with "\n".
<?php
function mail_utf8($to, $subject = '(No subject)', $message = '', $from) {
$header = 'MIME-Version: 1.0' . "\n" . 'Content-type: text/plain; charset=UTF-8'
. "\n" . 'From: Yourname <' . $from . ">\n";
mail($to, '=?UTF-8?B?'.base64_encode($subject).'?=', $message, $header);
}
?>
I was trying to create a script that would send large forms without having to get/post each value first and came up with this... should help someone to save valuable time.
<?php
$emailSentTo = "";
$subjectOfEmail = "";
//========= no need to edit bellow
// Set HTML Mail Header
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
// The Message
$message = $GLOBALS["HTTP_SERVER_VARS"]["REQUEST_URI"];
//Cleaning Message
$message = str_replace('?','<br><hr>',str_replace('/','File used for submittimg this form: ',str_replace('=',': ',str_replace('&','<br>',$message))));
// Sending
mail($emailSentTo, $subjectOfEmail, $message, $headers);
//Thanking
echo "<script language=\"javascript\" type=\"text/javascript\">
alert('Thank You, We will contact you shortly.');
window.location = \"http://$_SERVER[HTTP_HOST]\";
</script>
";
?>
Currently my hosting service is on Godaddy. When attempting to use the mail function without the fifth parameter containing "-f", my message headers would not work.
Whenever your message headers do not work, simply try using the fifth parameter:
<?php
mail($to, $subject, $message, $headers, "-femail.address@example.com");
?>
Setting an envelope-sender address avoids mail bounces annoying your system administrator.
If your mail cannot be delivered, it will be rejected to the address specified as the "SMTP-envelope-from" (or the "envelope sender" or "return path", depending on the terminology you like to use )
If you do not explicitly set an envelope-from address then PHP will default to the php.ini setting which - if you have not set this yourself - could be nobody@[your-ISP-domain] or anonymous@[your-ISP-domain], for example.
To avoid bothering the person at that address - or indeed, if you are wondering why you are not receiving mail rejections yourself - you should use the "-f" option in the <$additional_parameters> argument to set a valid address.
(and, by the way: If you do this, but you do not set a From: address in the <$additional_headers> argument then PHP will set a default From: address of "From: Nobody <your-envelope-sender-setting>". ).
Problem: mail disappearing; not being sent
There are many reasons why your mail might fail to be sent, but one particularly obscure reason is as follows.
You must take extra care if the machine that is sending the mail also operates mail forwarding for your domain and you are sending mail to a user at that domain. In this situation, it is common for the MTA to avoid doing a "proper" MX look-up because it "knows" that there is a local list of mail-forwarding rules. This saves resources, and normally shouldnt be a problem, of course.
HOWEVER, if you deliberately alter your MX record to point to a mail server hosted elsewhere and, e.g. update your mail forwarding rules at that location, AND the server that sends your PHP-generated mail "decides" that it will save resources by not checking the MX record THEN it will use your old set of forwarding rules because it is ignoring your MX record.
If an appropriate forwarding rule does not exist locally, then the mail may be dropped without generating any error (i.e. no "bounce" message).
The symptom of the problem is that mail to certain users at your domain will be wrongly delivered or not delivered at all.
An obscure problem, perhaps, but one that I have experienced, and which took a long time to solve!
Linux users have an easy way to send attachments using the mutt program. See: http://www.shelldorado.com/articles/mailattachments.html
For example:
$cmd = "echo '$BODY_TEXT' | mutt -s '$SUBJECT' -a '$filename_1' -a '$filename_2' '$email'";
exec ($cmd);
I was (finally) able to get multipart HTML mail working.
The 'boundary' must be defined with double quotes, not apostrophes.
$headers .= "Content-Type: multipart/alternative;boundary=\"$boundary\";\n\n";
The example indicates \r\n at the end of each line in the headers but this was causing me problems as emails showed some of the headers as part of the body. I simply used only \n as in some of the other examples and the problem went away.
To define a mail priority you have to put this lines in the headers:
<?php
$headers = "MIME-Version: 1.0\n" ;
$headers .= "Content-Type: text/html; charset=\"iso-8859-1\"\n";
$headers .= "X-Priority: 1 (Higuest)\n";
$headers .= "X-MSMail-Priority: High\n";
$headers .= "Importance: High\n";
$status = mail($to, $subject, $message,$headers);
?>
Here i've added many headers information including the Priority...
I experienced problems with removed euro signs and some other accented letters. The text came from a DB but contained the euro sign etcetera inside the mail function, just as when you would define it as a string. (Did die($newsletter['message']). It was lost in the mail I received though! When I defined the message as a string inside the sending function (overriding text from DB), including euro sign as a single character, I DID receive the email including euro sign!
This was experienced on 2 different email accounts. With one I received no text after the euro sign.
But only when text came from mySQL DB from a longtext Latin1-field...
I installed the pear mail class and this solved the strange problem and could just send text from the DB...
On some shared hosts like 1and1.co.uk, when using mail() function with '-f' flag, email may be quietly 'dropped' and not sent at all without any error message returned if '-f' option is used without email address valid on this host.
For example, if used as '-ftest@test.com' the email will be dropped on 1and1 provider. But if you have a 'real' mailbox on the server, for example 'black-hole@mydomain.com', and you use '-fblack-hole@mydomain.com' then the email will be sent. At the same time envelope's 'Return-Path' will be set properly to 'black-hole@mydomain.com' instead of 'test@shared.host.name'.
Beware if you're trying to use "-f" or "-r" with the 5th parameter of the PHP mail() function, and you're relying on a plain vanilla install of sendmail on Linux, it won't work. You'll have to either change the sendmail config and add your script's userid to "trusted-users" (easier said than done... good luck with that!), or, remove sendmail and install postfix (much easier).
As some SMTP servers (for example Argosoft Mail Server for Windows) may lead into troubles when sending a mail to "Full Name <user@domain.tld>" instead of simply "user@domain.tld", the following may be a solution:
<?php
$Result = trim(preg_replace("/([\w\s]+)<([\S@._-]*)>/", " $2", $Input));
?>
I'm not a PCRE guru, but this seems to work pretty good with any number of e-mail addresses, even when the $Input contains "mixed" address definitions (ie. some with Full Name and some without).
Examples:
Input: "User 1 <user1@foo.tld>, User 2 <user2@foo.tld>, user3@foo.tld"
Result: "user1@foo.tld, user2@foo.tld, user3@foo.tld";
Input: "user1@foo.tld, user2@foo.tld"
Result: "user1@foo.tld, user2@foo.tld"
The use of trim is optional, just to keep a nice space after the comma separator. If you don't mind about showing nice recipient lists to the MTA, I think this would work as well:
<?php
$Result = preg_replace("/([\w\s]+)<([\S@._-]*)>/", "$2", $Input);
?>
Anyway I hope that someone could improve these expressions. :)
if your mail is failing (returns false) be aware that many servers are configured to kill mail going out with a bcc or cc header.
The ideal workaround is to use the smtp functions which servers allow because of its better audit trail. Alternatively call the mail function several times.
I've just spent about four hours trying to work out what I was doing wrong!!
For solving japanese subject in php mail.
we had a problem was when we give shift-jis encoded test for subject in mail, the mail received displayed as "BQ Tech\ Ý t H [" in subject where the content in the mail was showing correctly.
we solved it by using this code.
$subject =iconv( "Shift_JIS","EUC-JP", "BQ Tech申込みフォーム");
we can convert like this for japanese encoding not working correctly for japanese text.
This is my solution of problems with Windows Mail on Vista. I got some of the headers in the mail body as plain text. When I removed '\r' and left just '\n' at the end of the two last lines of header it worked. This error didn't show up in my yahoo mail.
<?php
$body = "<html>\n";
$body .= "<body style=\"font-family:Verdana, Verdana, Geneva, sans-serif; font-size:12px; color:#666666;\">\n";
$body = $message;
$body .= "</body>\n";
$body .= "</html>\n";
$headers = "From: My site<noreply@my_site.com>\r\n";
$headers .= "Reply-To: info@my_site.com\r\n";
$headers .= "Return-Path: info@my_site.com\r\n";
$headers .= "X-Mailer: Drupal\n";
$headers .= 'MIME-Version: 1.0' . "\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
return mail($recipient, $subject, $message, $headers);
?>
To send XML content in mail use this
Content-Type: text/xml
instead of Content-Type: text/html
I tried the example provided by [hn at nesland dot net] but it didn't quite work, as the error:
Fatal error: Cannot redeclare mail()
was encountered.
Also, the runkit_function_rename() caused apache to exit with Segmentation fault (11)
This works like a charm:
<?PHP
@dl("runkit.so");
@runkit_function_copy("mail", "__org_mail");
@runkit_function_remove("mail");
@runkit_function_copy("__new_mail", "mail");
@runkit_function_remove("__new_mail");
function __new_mail($to, $subject, $message, $additional_headers = null, $additional_parameters = null) {
/* do your own mail function checks here */
return __org_mail($to, $subject, $message, $additional_headers, $additional_parameters);
}
?>
Atleast it worked for me, stripping newlines from $to, $subject, removing unwanted headers from $additional_headers and adding new headers to $additional_headers for debugging - this way I'll be able to track the origin of the mail using the headers.
You'll need enable_dl = On in your php.ini and also runkit.internal_override = "1"
I wanted to remove the execution of __org_mail(), so I tried to add this to disable_functions in php.ini but that didn't seem to work, so be aware that the original function can still be executed, and found by using get_defined_functions().
Another possible cause for the "501 5.5.4 Invalid Address" type errors when sending mail from Windows is specifying BCC or CC parameters with no value.
Note, that single line should not contain more than 78 character, but is not allowed to contain more than 998 characters.
The possible consequences are:
Over 78 - clients are allowed to display the message in a "harder to read" way.
Over 998 - clients and servers are allowed to drop the message or cause any buffer-limit error.
See:
http://www.faqs.org/rfcs/rfc2822 part 2.1.1.
<?PHP
$title=$_POST['title'];
$name=$_POST['name'];
$email=$_POST['email'];
$telephone=$_POST['telephone'];
$fax=$_POST['fax'];
$address=$_POST['address'];
$country=$_POST['country'];
$comment=$_POST['comment'];
# -=-=-=- MIME BOUNDARY
$mime_boundary = "----MSA Shipping----".md5(time());
# -=-=-=- MAIL HEADERS
$to = "dlwijerathna@gmail.com";
//$to = "duminda@dumidesign.com";
//$to = "info@msashipping.com";
$subject = "Information Request from MSA Shipping - Contact Form";
$headers = "From: MSA SHIPPING <webmaster@msashipping.com>\n";
$headers .= "Reply-To: MSA Shipping <webmaster@msashipping.com>\n";
$headers .= "BCC: dumidesign@gmail.com";
$headers .= "MIME-Version: 1.0\n";
$headers .= "Content-Type: multipart/alternative; boundary=\"$mime_boundary\"\n";
$message .= "--$mime_boundary\n";
$message .= "Content-Type: text/html; charset=UTF-8\n";
$message .= "Content-Transfer-Encoding: 8bit\n\n";
$message .= "<html>\n";
$message .= "<body style=\"font-family:Verdana, Verdana, Geneva, sans-serif; font-size:12px; color:#666666;\">\n";
$message .= "<table width=\"800\" height=\"159\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\" >";
$message .="<tr>";
$message .="<td height=\"66\" colspan=\"4\" bgcolor=\"#CCCCCC\"></td>";
$message .="</tr>";
$message .="<tr>";
$message .="<td width=\"1%\"></td>";
$message .="<td colspan=\"3\"> </td>";
$message .="</tr>";
$message .="<tr>";
$message .="<td> </td>";
$message .="<td width=\"100\"><b>Title</b></td>";
$message .="<td align=\"left\" >:</td>";
$message .="<td>$title</td>";
$message .="<tr>";
$message .="<td> </td>";
$message .="<td><b>Name</b></td>";
$message .="<td>:</td>";
$message .="<td>$name</td>";
$message .="</tr>";
$message .="</tr>";
$message .="<tr>";
$message .="<td> </td>";
$message .="<td><b>E-mail</b></td>";
$message .="<td>:</td>";
$message .="<td>$email</td>";
$message .="</tr>";
$message .="<tr>";
$message .="<td> </td>";
$message .="<td><b>Telephone</b></td>";
$message .="<td>:</td>";
$message .="<td>$telephone</td>";
$message .="</tr>";
$message .="<tr>";
$message .="<td> </td>";
$message .="<td><b>Fax</b></td>";
$message .="<td>:</td>";
$message .="<td>$fax</td>";
$message .="</tr>";
$message .="<tr>";
$message .="<td> </td>";
$message .="<td><b>Country</b></td>";
$message .="<td>:</td>";
$message .="<td>$country</td>";
$message .="</tr>";
$message .="<tr>";
$message .="<td> </td>";
$message .="<td><b>Comments</b></td>";
$message .="<td>:</td>";
$message .="<td>$comment</td>";
$message .="</tr>";
$message .="<tr>";
$message .="<td height=\"21\" colspan=\"4\" bgcolor=\"#CCCCCC\"></td>";
$message .="</tr>";
$message .="</table>";
$message .= "</body>\n";
$message .= "</html>\n";
# -=-=-=- FINAL BOUNDARY
$message .= "--$mime_boundary--\n\n";
# -=-=-=- SEND MAIL
$mail_sent = @mail( $to, $subject, $message, $headers );
//echo $mail_sent ? "Mail sent" : "Mail failed";
if($mail_sent)
{
header('Location:contactus.php?msg=yes');
}
else
{
header('Location:contactus.php?msg=no');
}
?>
The work-around for a large quantity of recipients is putting the adresses in the header-section as Bcc adresses.
In this way the mail()-function opens and closes the SMTP connection only once:
<?php
$count_recip= count($recip);//where $recip represents an array of mail-adresses, from MySql-query or otherwise
$count='0';
$headers.="Bcc: ";
while($count < $count_recip){
$headers.=$recip[$count].", ";
$count ++;
}
$headers.="admin@mailinglist.com\r\n";
?>
If the Cc or Bcc lines appear in the message body, make sure you're separating header lines with a new line (\n) rather than a carriage return-new line (\r\n). That should come at the very end of the headers.
There differenece in body, headers of email (with attachment, without attachment), see this complete example below:
work great for me (LINUX , WIN) and (Yahoo Mail, Hotmail, Gmail, ...)
<?php
$to = $_POST['to'];
$email = $_POST['email'];
$name = $_POST['name'];
$subject = $_POST['subject'];
$comment = $_POST['message'];
$To = strip_tags($to);
$TextMessage =strip_tags(nl2br($comment),"<br>");
$HTMLMessage =nl2br($comment);
$FromName =strip_tags($name);
$FromEmail =strip_tags($email);
$Subject =strip_tags($subject);
$boundary1 =rand(0,9)."-"
.rand(10000000000,9999999999)."-"
.rand(10000000000,9999999999)."=:"
.rand(10000,99999);
$boundary2 =rand(0,9)."-".rand(10000000000,9999999999)."-"
.rand(10000000000,9999999999)."=:"
.rand(10000,99999);
for($i=0; $i < count($_FILES['youfile']['name']); $i++){
if(is_uploaded_file($_FILES['fileatt']['tmp_name'][$i]) &&
!empty($_FILES['fileatt']['size'][$i]) &&
!empty($_FILES['fileatt']['name'][$i])){
$attach ='yes';
$end ='';
$handle =fopen($_FILES['fileatt']['tmp_name'][$i], 'rb');
$f_contents =fread($handle, $_FILES['fileatt']['size'][$i]);
$attachment[]=chunk_split(base64_encode($f_contents));
fclose($handle);
$ftype[] =$_FILES['fileatt']['type'][$i];
$fname[] =$_FILES['fileatt']['name'][$i];
}
}
/***************************************************************
Creating Email: Headers, BODY
1- HTML Email WIthout Attachment!! <<-------- H T M L ---------
***************************************************************/
#---->Headers Part
$Headers =<<<AKAM
From: $FromName <$FromEmail>
Reply-To: $FromEmail
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="$boundary1"
AKAM;
#---->BODY Part
$Body =<<<AKAM
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="$boundary1"
This is a multi-part message in MIME format.
--$boundary1
Content-Type: text/plain;
charset="windows-1256"
Content-Transfer-Encoding: quoted-printable
$TextMessage
--$boundary1
Content-Type: text/html;
charset="windows-1256"
Content-Transfer-Encoding: quoted-printable
$HTMLMessage
--$boundary1--
AKAM;
/***************************************************************
2- HTML Email WIth Multiple Attachment <<----- Attachment ------
***************************************************************/
if($attach=='yes') {
$attachments='';
$Headers =<<<AKAM
From: $FromName <$FromEmail>
Reply-To: $FromEmail
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="$boundary1"
AKAM;
for($j=0;$j<count($ftype); $j++){
$attachments.=<<<ATTA
--$boundary1
Content-Type: $ftype[$j];
name="$fname[$i]"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="$fname[$j]"
$attachment[$j]
ATTA;
}
$Body =<<<AKAM
This is a multi-part message in MIME format.
--$boundary1
Content-Type: multipart/alternative;
boundary="$boundary2"
--$boundary2
Content-Type: text/plain;
charset="windows-1256"
Content-Transfer-Encoding: quoted-printable
$TextMessage
--$boundary2
Content-Type: text/html;
charset="windows-1256"
Content-Transfer-Encoding: quoted-printable
$HTMLMessage
--$boundary2--
$attachments
--$boundary1--
AKAM;
}
/***************************************************************
Sending Email
***************************************************************/
$ok=mail($To, $Subject, $Body, $Headers);
echo $ok?"<h1> Mail Sent</h1>":"<h1> Mail not SEND</h1>";
?>
If you are using the sendmail app from an exim package or something you don't really need to change the normal parameters PHP gives it (-t -i) as other posts described.
I just added "-f myemail@foo.com" and it worked.
One thing that got me stuck for a few hours was trying to figure out why the return-path was set as the user (user running php) and not what I was setting it with the -f option then I later found at that in order to forcefully set the return-path the user account running the command must be in exim's trusted users configuration! It helps to add trusted_groups as well then everything works fine :)
- Richard Sumilang
This is a simple and quick (dirty?) fix for encoding long UTF-8 email subjects.
<?php
$subject= mb_encode_mimeheader($subject,"UTF-8", "B", "\n");
?>
Changing the $transfer_encoding parameter* from B (Base64) to Q (Quoted-Printable) seems to work too.
*See the mb_encode_mimeheader documentation here http://php.net/manual/en/function.mb-encode-mimeheader.php
This one is based on the previously posted solution by J.Halmu http://php.net/manual/en/function.mail.php#75886 , added the two last parameters to prevent long subjects from breaking the email. It worked flawlessly on a RHEL environmet. No further tests, sorry.
send e-mail in utf-8
there is already a solution from omgs. but with a longer subject line there could be problem (splitting the subject line in a encoded character).
here my solution:
<?php
// hmm no better solution?
function imap8bit(&$item, $key) {
$item = imap_8bit($item);
}
function email($e_mail, $subject, $message, $headers)
{
// add headers for utf-8 message
$headers .= "\r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-type: text/plain; charset=utf-8\r\n";
$headers .= "Content-Transfer-Encoding: quoted-printable\r\n";
// encode subject
//=?UTF-8?Q?encoded_text?=
// work a round: for subject with wordwrap
// not fixed, no possibility to have one in a single char
$subject = wordwrap($subject, 25, "\n", FALSE);
$subject = explode("\n", $subject);
array_walk($subject, imap8bit);
$subject = implode("\r\n ", $subject);
$subject = "=?UTF-8?Q?".$subject."?=";
// encode e-mail message
$message = imap_8bit($message);
return(mail("$e_mail", "$subject", "$message", "$headers"));
}
?>
Apparently if using the mbstring library, and using overriden functions, the "mail" command appears to use "Content-Transfer-Encoding: BASE64" by default. Which if you combine it with PEAR Mail_Mime you'll get mails that, although they appear RFC compliant, not mailer can read correctly.
To fix this it appears you should add a fixed header in the mail command (this one assumes the pear mime module is 7bit clean, perhaps 8bit would also be fine)
<?php $headers['Content-Transfer-Encoding'] = '7bit'; ?>
When sending html formatted mails to gmail accounts you might notice that the html is shown in plain text. This happens when you send from an unix system and gmail treats the "\r\n" line ends in a wrong way. Use "\n" instead at it will be fine.
Content-Type: text/html; charset=iso-8859-1\n
instead of
Content-Type: text/html; charset=iso-8859-1\r\n
Tired of idiots and imbeciles who creates unsecure php-code and lets spammers abuse mail()? Try this dirty trick:
With auto_prepend, prepend this file:
<?php
// You need to install pecl-module, runkit.
dl("runkit.so");
// We could rename the function, but that currently makes my apache segfault, but this works :-P
runkit_function_copy ( "mail","intmail" );
runkit_function_remove( "mail" );
function mail( $to, $subject, $message, $additional_headers = null, $additional_parameters = null ) {
$___domain = $_SERVER['SERVER_NAME'];
$fp = fopen("/tmp/my_super_mail_logg", "a");
fwrite( $fp, date("d.m.y H:i:s") . " " . $___domain . ": $to / $subject\n");
fclose( $fp );
return intmail( $to, $subject, $message, $additional_headers, $additional_parameters );
}
?>
You probably shouldn't log to /tmp, or any other place as the webserver-user, see syslog-functions ;)
And of course you can manipulate the different parameters, like adding custom headers to each email (For instance; "X-From-Web: {$_SERVER['SERVER_NAME']}")..
In addition to the $to parameter restrictions on Windows (ie. address can not be in "name <user@example.com>" format), the same restrictions apply to the parsed Cc and Bcc headers of the $additional_headers parameter.
However, you can include a To header in $additional_parameters which lists the addresses in any RFC-2822 format. (For display purposes only. You still need to list the bare addresses in the $to parameter.)
Please note that using an address in this format "Zane, CEO - MegaLab.it" <myaddrr@mydomain> (" are needed due to comma) works as expected under *nix, but WON'T WORK under Windows.
This is an example
<?php
mail("\"Zane, CEO - MegaLab.it\" <myaddrr@mydomain>", "prova da test_zane", "dai funziona...");
?>
It works under *unix, but it doensn't under Win: different error are reported:
Warning: mail() [function.mail]: SMTP server response: 553 5.0.0 <"Zane>... Unbalanced '"'
Warning: mail() [function.mail]: SMTP server response: 501 5.5.4 Invalid Address
I use text/plain charaset=iso-8859-1 and get bad headers complain from amavis. This helped me:
[code]
$subject = mb_encode_mimeheader('ääööö test test öäöäöä','UTF-8');
[/code]
php-version 5.2.2
For qmail users, I have written a function that talks directly to qmail-queue, rather than going through the sendmail wrapper used by mail(). Thus it allows more direct control over the message (for example, you can adapt the function to display "undisclosed recipients" in to the To: header). It also performs careful validation of the e-mail addresses passed to it, making it more difficult for spammers to exploit your scripts.
Please note that this function differs from the mail() function in that the from address must be passed as a _separate_ argument. It is automatically put into the message headers and _does not_ need to be included in $additional_headers.
$to can either be an array or a single address contained in a string.
$message should not contain any carriage return characters - only linefeeds.
No validation is performed on $additional_headers. This is mostly unnecessary because qmail will ignore any additional To: headers injected by a malicious user. However if you have some strange mail setup it might be a problem.
The function returns false if the message fails validation or is rejected by qmail-queue, and returns true on success.
<?php
function qmail_queue($to, $from, $subject, $message, $additional_headers = "")
{
// qmail-queue location and hostname used for Message-Id
$cmd = "/var/qmail/bin/qmail-queue";
$hostname = trim(file_get_contents("/var/qmail/control/me"));
// convert $to into an array
if(is_scalar($to))
$to = array($to);
// BEGIN VALIDATION
// e-mail address validation
$e = "/^[-+\\.0-9=a-z_]+@([-0-9a-z]+\\.)+([0-9a-z]){2,4}$/i";
// from address
if(!preg_match($e, $from)) return false;
// to address(es)
foreach($to as $rcpt)
{
if(!preg_match($e, $rcpt)) return false;
}
// subject validation (only printable 7-bit ascii characters allowed)
// needs to be adapted to allow for foreign languages with 8-bit characters
if(!preg_match("/^[\\040-\\176]+$/", $subject)) return false;
// END VALIDATION
// open qmail-queue process
$dspec = array
(
array("pipe", "r"), // message descriptor
array("pipe", "r") // envelope descriptor
);
$pipes = array();
$proc = proc_open($cmd, $dspec, $pipes);
if(!is_resource($proc)) return false;
// write additional headers
if(!empty($additional_headers))
{
fwrite($pipes[0], $additional_headers . "\n");
}
// write to/from/subject/date/message-ID headers
fwrite($pipes[0], "To: " . $to[0]); // first recipient
for($i = 1; $i < sizeof($to); $i++) // additional recipients
{
fwrite($pipes[0], ", " . $to[$i]);
}
fwrite($pipes[0], "\nSubject: " . $subject . "\n");
fwrite($pipes[0], "From: " . $from . "\n");
fwrite($pipes[0], "Message-Id: <" . md5(uniqid(microtime())) . "@" . $hostname . ">\n");
fwrite($pipes[0], "Date: " . date("r") . "\n\n");
fwrite($pipes[0], $message);
fwrite($pipes[0], "\n");
fclose($pipes[0]);
// write from address and recipients
fwrite($pipes[1], "F" . $from . "\0");
foreach($to as $rcpt)
{
fwrite($pipes[1], "T" . $rcpt . "\0");
}
fwrite($pipes[1], "\0");
fclose($pipes[1]);
// return true on success.
return proc_close($proc) == 0;
}
?>
Here is a PHP Mail Multipart/Alternative (Plain Text and HTML) code for *nix servers (Unix Like Servers)... if you are hosted on a windows server, simply replace all "\n" or "\n\n" in the below code to "\r\n" or "\r\n\r\n" respectively.
This code is for anyone who has already written an HTML page for their PHP mail... there are several PHP > HTML free translators on the internet. You may use one of them to translate your HTML code to PHP to insert into the following code. All there needs to change is to place a backslash before any quotations (EX: ... confirm that \"Our Company\" has ...), and to end each line with a newline character (EX: \n )...
This code method has been successfully tested with Apple Mail, Microsoft Outlook, G-Mail, and Yahoo Mail. I hope this helps out anyone that is writing a multipart/alternative PHP mailer script.
<?php
# -=-=-=- PHP FORM VARIABLES (add as many as you would like)
$name = $_POST["name"];
$email = $_POST["email"];
$invoicetotal = $_POST["invoicetotal"];
# -=-=-=- MIME BOUNDARY
$mime_boundary = "----Your_Company_Name----".md5(time());
# -=-=-=- MAIL HEADERS
$to = "$email";
$subject = "This text will display in the email's Subject Field";
$headers = "From: Our Company <company@ourcompany.com>\n";
$headers .= "Reply-To: Our Company <company@ourcompany.com>\n";
$headers .= "MIME-Version: 1.0\n";
$headers .= "Content-Type: multipart/alternative; boundary=\"$mime_boundary\"\n";
# -=-=-=- TEXT EMAIL PART
$message = "--$mime_boundary\n";
$message .= "Content-Type: text/plain; charset=UTF-8\n";
$message .= "Content-Transfer-Encoding: 8bit\n\n";
$message .= "$name:\n\n";
$message .= "This email is to confirm that \"Our Company\" has received your order.\n";
$message .= "Please send payment of $invoicetotal to our company address.\n\n";
$message .= "Thank You.\n\n";
# -=-=-=- HTML EMAIL PART
$message .= "--$mime_boundary\n";
$message .= "Content-Type: text/html; charset=UTF-8\n";
$message .= "Content-Transfer-Encoding: 8bit\n\n";
$message .= "<html>\n";
$message .= "<body style=\"font-family:Verdana, Verdana, Geneva, sans-serif; font-size:14px; color:#666666;\">\n";
$message .= "$name:<br>\n";
$message .= "<br>\n";
$message .= "This email is to confirm that \"Our Company\" has received your order.<br>\n";
$message .= "Please send payment of $invoicetotal to our company address.<br>\n\n";
$message .= "<br>\n";
$message .= "Thank You.<br>\n\n";
$message .= "</body>\n";
$message .= "</html>\n";
# -=-=-=- FINAL BOUNDARY
$message .= "--$mime_boundary--\n\n";
# -=-=-=- SEND MAIL
$mail_sent = @mail( $to, $subject, $message, $headers );
echo $mail_sent ? "Mail sent" : "Mail failed";
?>
While trying to send attachments I ran into the problem of having the beginning part of my encoded data being cut off.
A fact that I didn't see mentioned anywhere explicitly (except maybe in the RFC, which admittedly I didn't read fully) was that two newlines are required before you start the encoded data:
Content-Transfer-Encoding: base64\n
Content-Type: application/zip; name="test_file.zip"\n
\n //<--- if this newline isn't here your data will get cut off
DATA GOES HERE
I had a lot of trouble trying to send multipart messages to gmail accounts until I discovered gmail does not like carriage returns, even under unix I have to use only new lines (\n) and forget about the (\r) . Other email clients such as eudora, outlook, hotmail or yahoo seem not to have issues about the "missing" \r . Hope it helps.
Since lines in $additional_headers must be separated by \n on Unix and \r\n on Windows, it might be useful to use the PHP_EOL constant which contains the correct value on either platform.
Note that this variable was introduced in PHP 5.0.2 so to write portable code that also works in PHP versions before that, use the following code to make sure it exists:
<?php
if (!defined('PHP_EOL')) define ('PHP_EOL', strtoupper(substr(PHP_OS,0,3) == 'WIN') ? "\r\n" : "\n");
?>
One thing it can be difficult to control with this function is the envelope "from" address. The envelope "from" address is distinct from the address that appears in the "From:" header of the email. It is what sendmail uses in its "MAIL FROM/RCPT TO" exchange with the receiving mail server. It also typically shows up in the "Return-Path:" header, but this need not be the case. The whole reason it is called an "envelope" address is that appears _outside_ of the message header and body, in the raw SMTP exchange between mail servers.
The default envelope "from" address on unix depends on what sendmail implementation you are using. But typically it will be set to the username of the running process followed by "@" and the hostname of the machine. In a typical configuration this will look something like apache@box17.isp.net.
If your emails are being rejected by receiving mail servers, or if you need to change what address bounce emails are sent to, you can change the envelope "from" address to solve your problems.
To change the envelope "from" address on unix, you specify an "-r" option to your sendmail binary. You can do this globally in php.ini by adding the "-r" option to the "sendmail_path" command line. You can also do it programmatically from within PHP by passing "-r address@domain.com" as the "additional_parameters" argument to the mail() function (the 5th argument). If you specify an address both places, the sendmail binary will be called with two "-r" options, which may have undefined behavior depending on your sendmail implementation. With the Postfix MTA, later "-r" options silently override earlier options, making it possible to set a global default and still get sensible behavior when you try to override it locally.
On Windows, the the situation is a lot simpler. The envelope "from" address there is just the value of "sendmail_from" in the php.ini file. You can override it locally with ini_set().
I had trouble getting multiple emails sent for Outlook accounts (a single PHP page performed 2 mail() calls).
The PHP mail() function works correctly, but the same mails that were recieved on a private POP3 server were randomly missing by our intranet Outlook exchange server.
If you have the same problem, try to verify that the "Message-ID: " is unique at the $headers string. i.e.
<?php
$headers = [...] .
"Message-ID: <". time() .rand(1,1000). "@".$_SERVER['SERVER_NAME'].">". "\r\n" [...];
?>
(rand() is used only for demonstration purposes. a better way is to use an index variable that increments (i++) after each mail)
I noticed that when multiple messeges were sent simultaneously, the message-id was the same (probably there was no miliseconds differential). My guess is that Outlook is collating messages with the same message-ID; a thing that causes only one email to pass to the Outlook inbox instead of a few.
[EDITOR's NOTE: Following based off of a note originally by marcelo dot maraboli at usm dot cl which has been removed.]
I had a trouble with marcelo' function, I had to add "$val == 63" condition into "if" sentence for '?' character
<?php
# From marcelo post:
function encode_iso88591($string)
{
$text = '=?iso-8859-1?q?';
for( $i = 0 ; $i < strlen($string) ; $i++ )
{
$val = ord($string[$i]);
if($val > 127 or $val == 63)
{
$val = dechex($val);
$text .= '='.$val;
}
else
{
$text .= $string[$i];
}
}
$text .= '?=';
return $text;
}
and later use:
// create email
$msg = wordwrap($msg, 70);
$to = "destination@company.com";
$subject = encode_iso88591("hoydía caminé !!");
$headers = "MIME-Versin: 1.0\r\n" .
"Content-type: text/plain; charset=ISO-8859-1; format=flowed\r\n" .
"Content-Transfer-Encoding: 8bit\r\n" .
"From: $from\r\n" .
"X-Mailer: PHP" . phpversion();
mail($to, $subject, $msg, $headers);
?>
An important rule of thumb, because it seems few really follow it and it can alleviate so many headaches: When filtering your email headers for injection characters use a regular expression to judge whether the user's input is valid. For example to see if the user entered a valid e-mail address use something like [a-zA-Z0-9._%-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}. Dont try to filter out bad characters (like searching for LF or CR), because you will ALWAYS miss something. You can be sure your application is more secure going this route....provided the regular expression is valid! This same point goes for any sort of form input not just for sending out emails.
Change the function addattachment for multipartmail to auto detect the mime_content_type ...
<?php
function addattachment($file){
$fname = substr(strrchr($file, "/"), 1);
$data = file_get_contents($file);
$i = count($this->parts);
$content_id = "part$i." . sprintf("%09d", crc32($fname)) . strrchr($this->to_address, "@");
$this->parts[$i] = "Content-Type: ".mime_content_type($file)."; name=\"$fname\"\r\n" .
"Content-Transfer-Encoding: base64\r\n" .
"Content-ID: <$content_id>\r\n" .
"Content-Disposition: inline;\n" .
" filename=\"$fname\"\r\n" .
"\n" .
chunk_split( base64_encode($data), 68, "\n");
return $content_id;
}
?>
Searched for ages on the internet trying to find something that parses EML files and then sends them...for all of you who want to send an EML files you first have to upload it, read it, then delete it. Here's my function...it's specialised for a single form where the user uploads the EML file.
<?php
if(isset($_POST['submit']))
{
// Reads in a file (eml) a user has inputted
function eml_read_in()
{
$file_ext = stristr($_FILES['upload']['name'], '.');
// If it is an eml file
if($file_ext == '.eml')
{
// Define vars
$dir = 'eml/';
$file = $dir.basename($_FILES['upload']['name']);
$carry = 'yes';
// Try and upload the file
if(move_uploaded_file($_FILES['upload']['tmp_name'], $file))
{
// Now attempt to read the file
if($eml_file = file($file))
{
// Create the array to store preliminary headers
$headers = array();
$body = '';
$ii = -1;
// For every line, carry out this loop
foreach($eml_file as $key => $value)
{
$pattern = '^<html>';
if(((eregi($pattern, $value)))||($carry == 'no'))
{
// Stop putting data into the $headers array
$carry = 'no';
$i++;
$body .= $value;
}
else
{
// Separate each one with a colon
if(($eml_file_expl = explode(':', $value))&&($carry == 'yes'))
{
// The row has been split in half at least...
if(isset($eml_file_expl[1]))
{
// Put it into the preliminary headers
$headers[$eml_file_expl[0]] = $eml_file_expl[1];
// There might be more semicolons in it...
for($i=2;$i<=$count;$i++)
{
// Add the other values to the header
$headers[$eml_file_expl[0]] .= ':'.$eml_file_expl[$i];
}
}
}
}
}
// Clear up the headers array
$eml_values = array();
$eml_values[to] = $headers[To];
$eml_values[from] = $headers[From];
$eml_values[subject] = $headers[Subject];
$eml_values['reply-to'] = $headers['Reply-To'];
$eml_values['content-type'] = $headers['Content-Type'];
$eml_values[body] = $body;
unlink($file);
return $eml_values;
}
}
else
{
return '<p>File not uploaded - there was an error</p>';
}
}
}
// Takes information automatically from the $_FILES array...
$eml_pattern = eml_read_in()
// Headers definable...through eml_read_in() again, but I'm guessing they'll be the same for each doc...
if(mail($eml_pattern[to], $eml_pattern[subject], $eml_pattern[content], $headers)) echo 'Mail Sent';
?>
correction for class multipartmail
<?php
function addmessage($msg = "", $ctype = "text/plain"){
$this->parts[0] ....
?>
if you are adding attachment first and then addmessage you can easy overwrite added attachment - better use
<?php
function addmessage($msg = "", $ctype = "text/plain"){
$this->parts[count($this->parts)] ....
?>
I found out that a ms server (ESMTP MAIL Service, Version: 5.0.2195.6713) also had the problem using CRLF in the headers:
If messages are not received, try using a LF (\n) only. Some poor quality Unix mail transfer agents replace LF by CRLF automatically (which leads to doubling CR if CRLF is used). This should be a last resort, as it does not comply with RFC 2822.
The suggested fix works.
Sander
Here's my way of detecting an attempt to hijack my mail form.
<?php #requires PHP 5 or greater
$request = array_map('trim',($_SERVER['REQUEST_METHOD'] == "POST") ? $_POST : $_GET) ;
//check for spam injection
$allfields = implode('',$request) ;
$nontext = $request ;
unset($nontext['message'] );
$nontextfields = implode ('',$nontext) ;
if ((strpos ($nontextfields,"\\r")!==false) ||
(strpos ($nontextfields,"\\n")!==false) ||
(stripos ($allfields,"Content-Transfer-Encoding")!==false) ||
(stripos ($allfields,"MIME-Version")!==false) ||
(stripos ($allfields,"Content-Type")!==false) ||
($request['checkfield']!=$check) ||
(empty($_SERVER['HTTP_USER_AGENT']))) die('Incorrect request') ; //stop spammers ?>
First, I put the data into an array $request, then set up two strings: $allfields, which is just all fields concatenated, then $nontext, which excludes those fields in which \r\n is allowed (e.g., the message body). Any form field in which \r\n is allowed should be unset in the $nontext array before the second implode function (my message field is called 'message', so I unset that). I also include a hidden field in the form with a preset value ('checkfield', $check), so I can see if something is trying to alter all fields.
This is a combination of a lot of things mentioned in the messages below...
To all you guys out there having problems with mail scripts throwing back this (and you know your scripts are right!!)...
Warning: mail() [function.mail]: "sendmail_from" not set in php.ini or custom "From:" header missing in:
I had started seeing this after moving some scripts from 4.3 servers to 5.
a dirty get around is using
ini_set ("sendmail_from","a.body@acompany.com");
to force the From header.
Not ideal but it works.
;)
As noted in other, well, notes; the "additional headers" parameter can be easily exploited, when doing things like:
<?php
mail( $_POST['to'], $_POST['subject'], $_POST['message'], 'Reply-to: '.$_POST['from']."\r\n" );
?>
An easy way of fixing this, is removing CRLFs from the header-strings, like so:
<?php
$_POST['from'] = str_replace( "\r\n", '', $_POST['from'] );
?>
This way, the extra data will be part of the previous header.
Note: on class "multipartmail". Modify the function buildmessage with the following and it will work great.
function buildmessage(){
$this->message = "This is a multipart message in mime format.\n";
$cnt = count($this->parts);
for($i=0; $i<$cnt; $i++){
$this->message .= "--" . $this->boundary . "\n" .$this->parts[$i];
}
$this->message .= "--" . $this->boundary . "-- \n";
}
Thank for all the help.
Note that there is a big difference between the behavior of this function on Windows systems vs. UNIX systems. On Windows it delivers directly to an SMTP server, while on a UNIX system it uses a local command to hand off to the system's own MTA.
The upshot of all this is that on a Windows system your message and headers must use the standard line endings \r\n as prescribed by the email specs. On a UNIX system the MTA's "sendmail" interface assumes that recieved data will use UNIX line endings and will turn any \n to \r\n, so you must supply only \n to mail() on a UNIX system to avoid the MTA hypercorrecting to \r\r\n.
If you use plain old \n on a Windows system, some MTAs will get a little upset. qmail in particular will refuse outright to accept any message that has a lonely \n without an accompanying \r.
Another example of sending a utf-8 HTML mail:
<?php
$to = 'bob@example.com';
$subject = 'Wakeup bob!';
$message = '<b>yo</b>, whassup?';
$headers = "From: server@example.com\r\n" .
'X-Mailer: PHP/' . phpversion() . "\r\n" .
"MIME-Version: 1.0\r\n" .
"Content-Type: text/html; charset=utf-8\r\n" .
"Content-Transfer-Encoding: 8bit\r\n\r\n";
// Send
mail($to, $subject, $message, $headers);
?>
Problems with Microsoft Exchange and PHP as ISAPI-module
We found out, that if you want to send multipart mime emails using the PHP mail-function on a Windows box using a Microsoft Exchange server, you have to use separate containers for the mail body and the mail header.
In many examples like in http://www.zend.com/zend/trick/html-email.php or in the book PHP developers cookbook you find html multipart/alternative mailing solutions that build the mime header and the mail body into one PHP variable and send this as fourth argument (header) to the PHP mail-function. This works fine on most systems but not on the above mentioned combination.
We found a rather trivial solution: Simply split the mime mail header and the mail body into two separate variables and give them separately to the PHP mail function, example:
<?php
//add From: header
$headers = "From: webserver@localhost\r\n";
//specify MIME version 1.0
$headers .= "MIME-Version: 1.0\r\n";
//unique boundary
$boundary = uniqid("HTMLDEMO");
//tell e-mail client this e-mail contains//alternate versions
$headers .= "Content-Type: multipart/mixed; boundary = $boundary\r\n\r\n";
//plain text version of message
$body = "--$boundary\r\n" .
"Content-Type: text/plain; charset=ISO-8859-1\r\n" .
"Content-Transfer-Encoding: base64\r\n\r\n";
$body .= chunk_split(base64_encode("This is the plain text version!"));
//HTML version of message
$body .= "--$boundary\r\n" .
"Content-Type: text/html; charset=ISO-8859-1\r\n" .
"Content-Transfer-Encoding: base64\r\n\r\n";
$body .= chunk_split(base64_encode("This the <b>HTML</b> version!"));
//send message
mail("root@localhost", "An HTML Message", $body, $headers);
?>
The article mentioned below is quite good to understand the problem of header injection. However, it suggests the following as a solution: look for "\n" and "\r" inside your user input fields (especially in those used for the $header param) and, if found reject the mail.
Allthough this will probably work I still believe it is better to have a "white list" of allowed characters instead of a "black list" with forbidden characters.
Example:
If you want a user to enter his name, then allow characters only!
If you want a user to enter his email adress, then check if the entry is a valid email adress.
Doing so might automatically solve problems which you didn't think of when you created the "black list". For SMTP headers colons are needed. If you check for a valid email adress the hacker won't be able to enter colons inside that form field.
I suggest using regular expressions for those checks.
For more information about regular expressions see:
http://www.regular-expressions.info/
This might be something obvious, but it gave me a lot of headache to find out:
If you use an ascii char#0 in the "string mensaje" parameter, it will truncate the message till that point, (this happened to me sending a message read from a file)
For example:
<?php
$hs_email="blabla@blabla.com";
$hs_asunto="a message for you";
$hs_contenido="beginofcontent_";
$hs_contenido.=chr(0);
$hs_contenido.="_endofcontent";
mail($hs_email,$hs_asunto,$hs_contenido);
?>
Will result in an email that only contains the string:
beginofcontent_
Anyway, just in case it can save someone some time...
Just a comment on some of the examples, and as a note for those who may be unaware. The SMTP RFC 822 is VERY explicit in stating that \r\n is the ONLY acceptable line break format in the headers, though is a little vague about the message body. While many MTAs will deal with just \n, I've run accross plenty of them that will exhibit "interesting" behaviours when this happens. Those MTAs that are strict in compliance will definitely break when header lines are terminated with only \n. They will also most likely break if the body of the message contains more than 1000 consecutive characters without a \r\n.*
Note that RFC 821 is a little more clear in defining:
"line
A a sequence of ASCII characters ending with a <CRLF>."
RFC 821 makes no distinction between header lines and message body lines, since both are actually transmitted during the DATA phase.
Bottom line, best practice is to be sure to convert any bare \n characters in the message to \r\n.
* "The maximum total length of a text line including the <CRLF> is 1000 characters" (RFC 821)
Users of Mac OS X Server need to activate SMTP part of the Mailserver before this is working.
Also note that if the ISP has blocked port 25 outgoing, you run into problems. You can find more info about this in the SMTP server log in Server Admin application if you run OSX Server.
A co-worker of mine had a problem where she needed to have a backslash in the header. Basically, the name of the company has a couple of backslashes in it. However, when the recipient was receiving the email, the "From:" part had the backslashes removed. We got it to work but placing three backslashes whenever we wanted one to show up. I'd assume that the mail server was modifying the headers and this is not really an issue with php. Anyway, thought this might help someone.
I get a 550 error when using mail() with this To format:
User <user@example.com>
When it's changed to just the bare email, it works fine. Just FYI that some mail servers may behave this way.
When sending MIME email make sure you follow the documentation with the "70" characters per line...you may end up with missing characters...and that is really hard to track down...
How to add multiple attachment to an email:
An email can be split into many parts separated by a boundary followed by a Content-Type and a Content-Disposition.
The boundary is initialized as follows:
<?php
$boundary = '-----=' . md5( uniqid ( rand() ) );
?>
You can attach a Word document if you specify:
<?php
$message .= "Content-Type: application/msword; name=\"my attachment\"\n";
$message .= "Content-Transfer-Encoding: base64\n";
$message .= "Content-Disposition: attachment; filename=\"$theFile\"\n\n";
?>
When adding a file you must open it and read it with fopen and add the content to the message:
<?php
$path = "whatever the path to the file is";
$fp = fopen($path, 'r');
do //we loop until there is no data left
{
$data = fread($fp, 8192);
if (strlen($data) == 0) break;
$content .= $data;
} while (true);
$content_encode = chunk_split(base64_encode($content));
$message .= $content_encode . "\n";
$message .= "--" . $boundary . "\n";
?>
Add the needed headers and send!
<?php
$headers = "From: \"Me\"<me@example.com>\n";
$headers .= "MIME-Version: 1.0\n";
$headers .= "Content-Type: multipart/mixed; boundary=\"$boundary\"";
mail('myAddress@example.com', 'Email with attachment from PHP', $message, $headers);
?>
Finally, if you add an image and want it displayed in your email, change the Content-Type from attachment to inline:
<?php
$message .= "Content-Disposition: inline; filename=\"$theFile\"\n\n";
?>
Enjoy!
When including your own custom headers try not to include a trailing \r\n at the end of the last header. Leaving the \r\n causes an extra line-feed at the beginning of the message body, so your message will start on the second line.
mail() requires /bin/sh to exist in Unix environments, next to a mail delivery program. This is very relevant when setting up apache in a chroot environment. Unfortunately this isn't anywhere in the documentation and took me several months to figure out.
If you're using a linux server using Postfix, and your server hasn't the host name set to a valid name (because it's behind a firewall in an intranet), it's possible that when sending mails using the mail function, some mail servers reject them. This is because they can't check the return path header. If you want to change the Return-Path used by sendmail init the php.ini and edit the sendmail_path variable to this:
sendmail_path = "sendmail -t -i -F webmaster@yoursite.com -f webmaster@yoursite.com"
My mime multipart/alternative messages were going ok, until I switched to qmail with php .. after years of painfull searching, I came across this on the Life With Qmail 'Gotchas' section:
G.11. Carriage Return/Linefeed (CRLF) line breaks don't work
qmail-inject and other local injection mechanisms like sendmail don't work right when messages are injected with DOS-style carriage return/linefeed (CRLF) line breaks. Unlike Sendmail, qmail requires locally-injected messages to use Unix newlines (LF only). This is a common problem with PHP scripts.
So now, I can go back to sending emails with text AND html components :)
If you can't use or don't understand how to use the sendmail program from linux, you can use a PEAR object to send mail.
<?php
include("Mail.php");
$recipients = "mailto@example.com";
$headers["From"] = "mailfrom@example.com";
$headers["To"] = "mailto@example.com";
$headers["Subject"] = "Test message";
$body = "TEST MESSAGE!!!";
$params["host"] = "example.com";
$params["port"] = "25";
$params["auth"] = true;
$params["username"] = "user";
$params["password"] = "password";
// Create the mail object using the Mail::factory method
$mail_object =& Mail::factory("smtp", $params);
$mail_object->send($recipients, $headers, $body);
?>
In my case, i use a smtp server that require authentication, and sendmail configuration is almost cryptic to me.
PEAR is already installed in PHP 4.0.3 , if not, you must go to http://pear.php.net/ and install it, in my case, I needed to add the Socket.php to the PEAR library.
***Encoding plain text as quoted-printable in MIME email***
If you don't want to install IMAP and use imap_8bit() to encode plain text or html message as quoted-printable
(friendly french special characters encoding :-) in MIME email, try this function.
I haven't fully tested it ( like with microtime with long mails). I send html message as 7-bit, so I didn't try yet with html.
If you have good html practise, you don't really need to encode html as quote-printable as it only uses 7-bit chars.
F.Touchard
<?php
function qp_encoding($Message) {
/* Build (most polpular) Extended ASCII Char/Hex MAP (characters >127 & <255) */
for ($i=0; $i<127; $i++) {
$CharList[$i] = "/".chr($i+128)."/";
$HexList[$i] = "=".strtoupper(bin2hex(chr($i+128)));
}
/* Encode equal sign & 8-bit characters as equal signs followed by their hexadecimal values */
$Message = str_replace("=", "=3D", $Message);
$Message = preg_replace($CharList, $HexList, $Message);
/* Lines longer than 76 characters (size limit for quoted-printable Content-Transfer-Encoding)
will be cut after character 75 and an equals sign is appended to these lines. */
$MessageLines = split("\n", $Message);
$Message_qp = "";
while(list(, $Line) = each($MessageLines)) {
if (strlen($Line) > 75) {
$Pointer = 0;
while ($Pointer <= strlen($Line)) {
$Offset = 0;
if (preg_match("/^=(3D|([8-9A-F]{1}[0-9A-F]{1}))$/", substr($Line, ($Pointer+73), 3))) $Offset=-2;
if (preg_match("/^=(3D|([8-9A-F]{1}[0-9A-F]{1}))$/", substr($Line, ($Pointer+74), 3))) $Offset=-1;
$Message_qp.= substr($Line, $Pointer, (75+$Offset))."=\n";
if ((strlen($Line) - ($Pointer+75)) <= 75) {
$Message_qp.= substr($Line, ($Pointer+75+$Offset))."\n";
break 1;
}
$Pointer+= 75+$Offset;
}
} else {
$Message_qp.= $Line."\n";
}
}
return $Message_qp;
}
?>
If your server doesn't have mb_send_mail() enabled but you want to use non-ascii (multi-byte) chars in an email's subject or name headers, you can use something like the following:
<?php
$charset = "iso-2202-jp"; // japanese
$to = encode("japanese name 01", $charset) . " <to@email.com>";
$from = encode("japanese name 02", $charset) . " <from@email.com>";
$subject = encode("japanese text");
$message = "does not need to be encoded";
mail($to, $subject, $message, $from);
function encode($in_str, $charset) {
$out_str = $in_str;
if ($out_str && $charset) {
// define start delimimter, end delimiter and spacer
$end = "?=";
$start = "=?" . $charset . "?B?";
$spacer = $end . "\r\n " . $start;
// determine length of encoded text within chunks
// and ensure length is even
$length = 75 - strlen($start) - strlen($end);
/*
[EDIT BY danbrown AT php DOT net: The following
is a bugfix provided by (gardan AT gmx DOT de)
on 31-MAR-2005 with the following note:
"This means: $length should not be even,
but divisible by 4. The reason is that in
base64-encoding 3 8-bit-chars are represented
by 4 6-bit-chars. These 4 chars must not be
split between two encoded words, according
to RFC-2047.
*/
$length = $length - ($length % 4);
// encode the string and split it into chunks
// with spacers after each chunk
$out_str = base64_encode($out_str);
$out_str = chunk_split($out_str, $length, $spacer);
// remove trailing spacer and
// add start and end delimiters
$spacer = preg_quote($spacer);
$out_str = preg_replace("/" . $spacer . "$/", "", $out_str);
$out_str = $start . $out_str . $end;
}
return $out_str;
}
// for details on Message Header Extensions
// for Non-ASCII Text see ...
// http://www.faqs.org/rfcs/rfc2047.html
?>
How to detect a bounce email
1. make sure the email you send out have the header
"Return-Path: detect-bounce@example.com\r\n",
&
"Return-Receipt-To: bounce@example.com\r\n"
2. setup this detect-bounce mail account at your mail server
3. redirect the incoming mail from this email account to your php script (check your mail server doc on how do this)
4. your php script will then be able to process the incoming email in whatever way you like, including to detect bounce mail message (use regexp search).
Note that the mail will be not be store after the mail server has redirect to your script. If you want to store it, you need additional code in your script
Hope the above help
Steven Lim
IT Consultant (www.Edinburgh-Consulting.com)