©
이 문서에서는 PHP 중국어 웹사이트 매뉴얼 풀어 주다
(PHP 4, PHP 5)
mail — 发送邮件
$to
, string $subject
, string $message
[, string $additional_headers
[, string $additional_parameters
]] )发送一封电子邮件。
to
电子邮件收件人,或收件人列表。
本字符串的格式必须符合 » RFC 2822。例如:
subject
电子邮件的主题。
本项不能包含任何换行符,否则邮件可能无法正确发送。
message
所要发送的消息。
行之间必须以一个 LF( )分隔。每行不能超过 70 个字符。
(Windows 下)当 PHP 直接连接到 SMTP 服务器时,如果在一行开头发现一个句号,则会被删掉。要避免此问题,将单个句号替换成两个句号。
<?php
$text = str_replace ( "\n." , "\n.." , $text );
?>
additional_headers
(可选项)String to be inserted at the end of the email header.
This is typically used to add extra headers (From, Cc, and Bcc). Multiple extra headers should be separated with a CRLF (\r\n).
Note:
When sending mail, the mail must contain a From header. This can be set with the
additional_headers
parameter, or a default can be set in php.ini.Failing to do this will result in an error message similar to Warning: mail(): "sendmail_from" not set in php.ini or custom "From:" header missing.
Note:
If messages are not received, try using a LF (\n) only. Some poor quality Unix mail transfer agents replace LF by CRLF automatically (which leads to doubling CR if CRLF is used). This should be a last resort, as it does not comply with » RFC 2822.
additional_parameters
(optional)
The additional_parameters
parameter
can be used to pass an additional parameter to the program configured
to use when sending mail using the sendmail_path
configuration setting. For example, this can be used to set the
envelope sender address when using sendmail with the
-f sendmail option.
The user that the webserver runs as should be added as a trusted user to the sendmail configuration to prevent a 'X-Warning' header from being added to the message when the envelope sender (-f) is set using this method. For sendmail users, this file is /etc/mail/trusted-users.
Returns TRUE
if the mail was successfully accepted for delivery, FALSE
otherwise.
It is important to note that just because the mail was accepted for delivery, it does NOT mean the mail will actually reach the intended destination.
版本 | 说明 |
---|---|
4.3.0 (Windows only) | All custom headers (like From, Cc, Bcc and Date) are supported, and are not case-sensitive. (As custom headers are not interpreted by the MTA in the first place, but are parsed by PHP, PHP < 4.3 only supported the Cc header element and was case-sensitive). |
4.2.3 |
The additional_parameters parameter is disabled in
safe_mode and the
mail() function will expose a warning message
and return FALSE when used.
|
4.0.5 |
The additional_parameters parameter was added.
|
Example #1 Sending mail.
Using mail() to send a simple email:
<?php
// The message
$message = "Line 1\nLine 2\nLine 3" ;
// In case any of our lines are larger than 70 characters, we should use wordwrap()
$message = wordwrap ( $message , 70 );
// Send
mail ( 'caffinated@example.com' , 'My Subject' , $message );
?>
Example #2 Sending mail with extra headers.
The addition of basic headers, telling the MUA the From and Reply-To addresses:
<?php
$to = 'nobody@example.com' ;
$subject = 'the subject' ;
$message = 'hello' ;
$headers = 'From: webmaster@example.com' . "\r\n" .
'Reply-To: webmaster@example.com' . "\r\n" .
'X-Mailer: PHP/' . phpversion ();
mail ( $to , $subject , $message , $headers );
?>
Example #3 Sending mail with an additional command line parameter.
The additional_parameters
parameter
can be used to pass an additional parameter to the program configured
to use when sending mail using the sendmail_path.
<?php
mail ( 'nobody@example.com' , 'the subject' , 'the message' , null ,
'-fwebmaster@example.com' );
?>
Example #4 Sending HTML email
It is also possible to send HTML email with mail() .
<?php
// multiple recipients
$to = 'aidan@example.com' . ', ' ; // note the comma
$to .= 'wez@example.com' ;
// subject
$subject = 'Birthday Reminders for August' ;
// message
$message = '
<html>
<head>
<title>Birthday Reminders for August</title>
</head>
<body>
<p>Here are the birthdays upcoming in August!</p>
<table>
<tr>
<th>Person</th><th>Day</th><th>Month</th><th>Year</th>
</tr>
<tr>
<td>Joe</td><td>3rd</td><td>August</td><td>1970</td>
</tr>
<tr>
<td>Sally</td><td>17th</td><td>August</td><td>1973</td>
</tr>
</table>
</body>
</html>
' ;
// To send HTML mail, the Content-type header must be set
$headers = 'MIME-Version: 1.0' . "\r\n" ;
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n" ;
// Additional headers
$headers .= 'To: Mary <mary@example.com>, Kelly <kelly@example.com>' . "\r\n" ;
$headers .= 'From: Birthday Reminder <birthday@example.com>' . "\r\n" ;
$headers .= 'Cc: birthdayarchive@example.com' . "\r\n" ;
$headers .= 'Bcc: birthdaycheck@example.com' . "\r\n" ;
// Mail it
mail ( $to , $subject , $message , $headers );
?>
Note:
If intending to send HTML or otherwise Complex mails, it is recommended to use the PEAR package » PEAR::Mail.
Note:
The Windows implementation of mail() differs in many ways from the Unix implementation. First, it doesn't use a local binary for composing messages but only operates on direct sockets which means a MTA is needed listening on a network socket (which can either on the localhost or a remote machine).
Second, the custom headers like From:, Cc:, Bcc: and Date: are not interpreted by the MTA in the first place, but are parsed by PHP.
As such, the
to
parameter should not be an address in the form of "Something <someone@example.com>". The mail command may not parse this properly while talking with the MTA.
Note:
It is worth noting that the mail() function is not suitable for larger volumes of email in a loop. This function opens and closes an SMTP socket for each email, which is not very efficient.
For the sending of large amounts of email, see the » PEAR::Mail, and » PEAR::Mail_Queue packages.
Note:
The following RFCs may be useful: » RFC 1896, » RFC 2045, » RFC 2046, » RFC 2047, » RFC 2048, » RFC 2049, and » RFC 2822.
[#1] jimmytrojan009 at gmail dot com [2015-10-26 18:05:40]
I have tried many online tutorials to get mail() function working in windows, until i stumbled upon this website
http://php.codeindepth.com/php-sending-mail/
It really boils down to changing few directives in php.ini and sendmail.ini
Changes required in sendmail.ini
smtp_server=smtp.gmail.com
smtp_port=587
error_logfile=error.log
debug_logfile=debug.log
auth_username=your-gmail-id@gmail.com
auth_password=your-gmail-password
force_sender=your-gmail-id@gmail.com
Changes required in php.ini
SMTP=smtp.gmail.com
smtp_port=587
sendmail_from = your-gmail-id@gmail.com
sendmail_path = "\"C:\xampp\sendmail\sendmail.exe\" -t"
;sendmail_path = "C:\xampp\mailtodisk\mailtodisk.exe"
[#2] Alexandre T. [2015-09-09 08:19:05]
For those who, just like me, was wondering what happens if you overwrite the "To" and "Subject" parameters with corresponding headers, here's your answer:
At least in unix environment (tested with CentOS6 + Exim), is that your custom headers are appended to email headers without any parsing. The final result is:
<?php
$headers = "To: header@ccc.com\r\n";
$headers .= "Subject: Subject as a header\r\n";
$headers .= "From: noreply@server.com";
mail("parameter@aaa.com", "Subject as a parameter", "Sample message", $headers);
?>
As you can see, both headers are used.
Same thing happens when you use "" or FALSE as parameter, headers will still be duplicated:
<?php
mail(false, false, "Sample message", $headers);
?>
So, you SHOULD NEVER add custom "To" or "Subject" headers in your $headers parameter, as they will be placed AFTER the ones that you informed before in the MAIL() function parameters, very likely resulting in unexpected behaviours.
Behaviours known so far (tests using Exim / GMail):
- Exim read all "To:" headers, and send message to all of them;
- If you use $to parameter and add "To: {$to}" header, recipient will get two copies of the message;
- You can leave $to parameter empty, if you don't want any visible recipients (then, use only Bcc). However, anything "non-empty" (like $to="undisclosed-recipients") will be treated as a recipient, and your server will waste time and resources trying to send it and bouncing it when that delivery fails.
- Gmail only consider the first "Subject" header.
[#3] Filip [2015-04-18 09:48:39]
Why mb_send_mail() is not listed in See Also section?
It's very handy for "something other than ASCII" users.
[#4] stefan at kozioleks dot net [2015-03-24 23:10:05]
When setting additional headers while sending email, do not add an entry for "Subject" as shown in some examples. Yahoo mail (and likely a few others) will not accept any emails with a "Subject" declared in the additional headers along with "Reply to", "From", etc.
It took two years and a lot of headache to finally discover this tidbit via trial and error.
[#5] pierreantoine dot covet at gmail dot com [2014-03-19 08:50:08]
Hi,
I had lots of problems using the code in the exemple. HTML was not rightly formated in my email.
Problem solved by replacing "\r\n" by "\n" as header end line.
[#6] Tobias Christensen [2013-11-22 14:29:30]
It might be good to know, that you might get some Header error using the boundary, if it's not done correctly.
I got the header error about wrong close of the boundary, which in my case wasn't what was really wrong.
The thing to fix this might be to give the header before this a "\n\r", which might fix it.
For my case I needed to this twice, as I am doing this as strings, but as arrays and implodes them at the end with the "\n\r". I did it also in the specific header array, where the boundary is generated.
[#7] antoine dot php dot net at bonnefoy dot eu [2013-09-06 15:01:05]
Hello,
it's sometime hard to include multiple attachment, or to include pictures inside body.
Please find these 2 functions allowing sending email with attachment.
usage :
<?php
echo date("H:i:s");
echo mail::sendMail("to@domain.com", "Test Attach ". date("H:i:s"), "Contenu du mail <a href=3D'domain.com'>domain.com</a>", __FILE__, "xx@domain.com",'' , true);
?>
source :
<?php
class mail {
public static function prepareAttachment($path) {
$rn = "\r\n";
if (file_exists($path)) {
$finfo = finfo_open(FILEINFO_MIME_TYPE);
$ftype = finfo_file($finfo, $path);
$file = fopen($path, "r");
$attachment = fread($file, filesize($path));
$attachment = chunk_split(base64_encode($attachment));
fclose($file);
$msg = 'Content-Type: \'' . $ftype . '\'; name="' . basename($path) . '"' . $rn;
$msg .= "Content-Transfer-Encoding: base64" . $rn;
$msg .= 'Content-ID: <' . basename($path) . '>' . $rn;
// $msg .= 'X-Attachment-Id: ebf7a33f5a2ffca7_0.1' . $rn;
$msg .= $rn . $attachment . $rn . $rn;
return $msg;
} else {
return false;
}
}
public static function sendMail($to, $subject, $content, $path = '', $cc = '', $bcc = '', $_headers = false) {
$rn = "\r\n";
$boundary = md5(rand());
$boundary_content = md5(rand());
// Headers
$headers = 'From: Mail System PHP <no-reply@domain.com>' . $rn;
$headers .= 'Mime-Version: 1.0' . $rn;
$headers .= 'Content-Type: multipart/related;boundary=' . $boundary . $rn;
//adresses cc and ci
if ($cc != '') {
$headers .= 'Cc: ' . $cc . $rn;
}
if ($bcc != '') {
$headers .= 'Bcc: ' . $cc . $rn;
}
$headers .= $rn;
// Message Body
$msg = $rn . '--' . $boundary . $rn;
$msg.= "Content-Type: multipart/alternative;" . $rn;
$msg.= " boundary=\"$boundary_content\"" . $rn;
//Body Mode text
$msg.= $rn . "--" . $boundary_content . $rn;
$msg .= 'Content-Type: text/plain; charset=ISO-8859-1' . $rn;
$msg .= strip_tags($content) . $rn;
//Body Mode Html
$msg.= $rn . "--" . $boundary_content . $rn;
$msg .= 'Content-Type: text/html; charset=ISO-8859-1' . $rn;
$msg .= 'Content-Transfer-Encoding: quoted-printable' . $rn;
if ($_headers) {
$msg .= $rn . '<img src=3D"cid:template-H.PNG" />' . $rn;
}
//equal sign are email special characters. =3D is the = sign
$msg .= $rn . '<div>' . nl2br(str_replace("=", "=3D", $content)) . '</div>' . $rn;
if ($_headers) {
$msg .= $rn . '<img src=3D"cid:template-F.PNG" />' . $rn;
}
$msg .= $rn . '--' . $boundary_content . '--' . $rn;
//if attachement
if ($path != '' && file_exists($path)) {
$conAttached = self::prepareAttachment($path);
if ($conAttached !== false) {
$msg .= $rn . '--' . $boundary . $rn;
$msg .= $conAttached;
}
}
//other attachement : here used on HTML body for picture headers/footers
if ($_headers) {
$imgHead = dirname(__FILE__) . '/../../../../modules/notification/ressources/img/template-H.PNG';
$conAttached = self::prepareAttachment($imgHead);
if ($conAttached !== false) {
$msg .= $rn . '--' . $boundary . $rn;
$msg .= $conAttached;
}
$imgFoot = dirname(__FILE__) . '/../../../../modules/notification/ressources/img/template-F.PNG';
$conAttached = self::prepareAttachment($imgFoot);
if ($conAttached !== false) {
$msg .= $rn . '--' . $boundary . $rn;
$msg .= $conAttached;
}
}
// Fin
$msg .= $rn . '--' . $boundary . '--' . $rn;
// Function mail()
mail($to, $subject, $msg, $headers);
}
}
?>
[#8] ittasks at gmail dot com [2013-03-28 20:55:46]
When dealing with mail headers "\n" and "\r\n" *sometimes* makes a big difference.
Once our CentOs servers got re-installed, all headers like:
$headers = "MIME-Version: 1.0\r\n";
$headers.= "Content-type: text/html; charset=iso-8859-1\r\n";
...
became part of message body instead of headers
I was able to fixed this by replacing "\r\n" with just "\n"
[#9] g dot kuizinas at anuary dot com [2013-01-17 18:46:55]
<?php
**
* Function responsible for sending unicode emails.
*
* @author Gajus Kuizinas <g.kuizinas@anuary.com>
* @version 1.0.1 (2012 01 11)
*/
function mail_send($arr)
{
if (!isset($arr['to_email'], $arr['from_email'], $arr['subject'], $arr['message'])) {
throw new HelperException('mail(); not all parameters provided.');
}
$to = empty($arr['to_name']) ? $arr['to_email'] : '"' . mb_encode_mimeheader($arr['to_name']) . '" <' . $arr['to_email'] . '>';
$from = empty($arr['from_name']) ? $arr['from_email'] : '"' . mb_encode_mimeheader($arr['from_name']) . '" <' . $arr['from_email'] . '>';
$headers = array
(
'MIME-Version: 1.0',
'Content-Type: text/html; charset="UTF-8";',
'Content-Transfer-Encoding: 7bit',
'Date: ' . date('r', $_SERVER['REQUEST_TIME']),
'Message-ID: <' . $_SERVER['REQUEST_TIME'] . md5($_SERVER['REQUEST_TIME']) . '@' . $_SERVER['SERVER_NAME'] . '>',
'From: ' . $from,
'Reply-To: ' . $from,
'Return-Path: ' . $from,
'X-Mailer: PHP v' . phpversion(),
'X-Originating-IP: ' . $_SERVER['SERVER_ADDR'],
);
mail($to, '=?UTF-8?B?' . base64_encode($arr['subject']) . '?=', $arr['message'], implode("\n", $headers));
}
?>
Here is my helper function for those who are having problems properly handling UTF-8, subject, HTML, or even the headers data. I've been using it for over a year. It works fine with simple emails.
For anything more advanced (specifically, handling attachments and multiple email versions), you should be using an existing library like http://swiftmailer.org/.
[#10] shenyqwilliam [2012-11-12 14:32:20]
If you're sending a large attachment, you may encounter overflow problem.
AFAIK, two common limits could be responsible.
1. Postfix message size limit.
Edit /etc/postfix/main.cf . Change the value of "message_size_limit".
2. Apache memory size limit for scripts.
Edit /etc/php.ini . Change the value of "memory_limit".
//Then reload (or restart) Postfix and Apache.
//Empirically, sending 200MB attachment requires 500MB memory.
Be careful! Raising memory limits may cause unexpected consequences, and is hence deprecated.
Recommended alternatives include:
* Pack and split attachment into several emails.
* Only include a link to the file. The receiver can download it later.
* Use IMAP/POP3 server (e.g. Dovecot).
[#11] bburch at bouncingpixel dot com [2012-10-11 12:13:21]
When using the PHP mail() function with IIS 6 on Windows Server 2003, check your "Relay" settings on the SMTP Virtual Server in IIS. If you grant access to 127.0.0.1 and set then set your php.ini SMTP to the same IP address (along with setting the same port 25), you should have success in sending mail.
I'm using PHP 5.3 and have had success with this configuration and did not have to define the "sendmail_from" setting in our php.ini file.
[#12] Joost Brugman [2012-08-29 21:49:00]
When using mail() under a windows installation (tested under Xampp 1.7.7) any line in $headers that is (between the first and last properly formatted mail header and not a properly formatted mail headers itself) or (that is empty) is removed. As a result MIME formatted messages get scrambled. I am not sure if this behaviour is by design, but this is what it seems to do.
Example $headers:
01 From: "me" <me@domain.com>
02 MIME-Version: 1.0
03 Content-Type: multipart/mixed;
04 boundary=streamline503e8a5d00efdMessage
05
06 --streamline503e8a5d00efdMessage
07 Content-Type: multipart/alternative;
08 boundary=streamline503e8a5d00efdBody
09
10 --streamline503e8a5d00efdBody
11 Content-Type: text/plain;
12 charset=UTF-8
13 Content-Transfer-Encoding: quoted-printable
14
15 This message is written in HTML only.
16
17 --streamline503e8a5d00efdBody
18 Content-Type: text/html;
19 charset=UTF-8
20 Content-Transfer-Encoding: quoted-printable
21
22 This is an email with <b>html</b>content
23 --streamline503e8a5d00efdBody--
24
25 --streamline503e8a5d00efdMessage--
26
27 .
Here, lines 05, 09, 10, 14, 15, 16, 17 are removed. The first properly formatted mail header is on line 01. The last properly formatted mail header is on line 20. The before mentioned entries are between 01 and 20, not properly formatted mail headers themselves and are therefore removed.
Also, lines 21, 24, 26 are removed because they are empty.
As a result this message will be delivered, but the mime structure is broken, since relevant lines are left out.
The solution is to pass lines 01 through 04 in $headers and to pass 06 through 26 to $message. $message will passed unchanged and the mime structure will remain intact.
[#13] martin dot farrow at versacloud dot com [2012-08-06 09:07:11]
I've noticed that on some versions of PHP occasionally mail() returns the empty string for success, rather than true or false. The empty string evaluates to false.
if you use constructs like
if ( mail( ... ) ){
# do something here on success
}
this wont work consistently.
so you need code like
$ret=mail(....)
if ( $ret == '' || $ret ){
# do something here
}
to get consistent results.
[#14] pavel.lint at vk.com [2012-05-16 11:22:01]
Here's a small handy function I use to send email in UTF-8.
<?php
function mail_utf8($to, $from_user, $from_email,
$subject = '(No subject)', $message = '')
{
$from_user = "=?UTF-8?B?".base64_encode($from_user)."?=";
$subject = "=?UTF-8?B?".base64_encode($subject)."?=";
$headers = "From: $from_user <$from_email>\r\n".
"MIME-Version: 1.0" . "\r\n" .
"Content-type: text/html; charset=UTF-8" . "\r\n";
return mail($to, $subject, $message, $headers);
}
?>
[#15] rexlorenzo at gmail dot com [2012-05-02 01:24:40]
Be careful to not put extra spaces for the $headers variable.
For example, this didn't work on our servers:
$headers = "From: $from \r\n Bcc: $bcc \r\n";
But this did:
$headers = "From: $from\r\nBcc: $bcc\r\n";
Notice the removal of the spaces around the first \r\n.
[#16] bimal at sanjaal dot com [2012-04-20 05:05:53]
You can write clean PHP code while creating the headers correctly. First, build a list of all headers in an array. Then, glue them with "\r\n" character.
The code now looks clean and straight forward.
(Just compare it with the manual's example ;-) )
<?php
$headers = array();
$headers[] = "MIME-Version: 1.0";
$headers[] = "Content-type: text/plain; charset=iso-8859-1";
$headers[] = "From: Sender Name <sender@domain.com>";
$headers[] = "Bcc: JJ Chong <bcc@domain2.com>";
$headers[] = "Reply-To: Recipient Name <receiver@domain3.com>";
$headers[] = "Subject: {$subject}";
$headers[] = "X-Mailer: PHP/".phpversion();
mail($to, $subject, $email, implode("\r\n", $headers));
?>
[#17] Marc Parillo [2012-04-18 13:27:42]
If you follow the suggested format for the $to field, you can list multiple addresses in a comma-delimited string with spaces.
The spaces could be an issue if you're experiencing a similar problem. I was unable to send an e-mail to multiple addresses using that format. It started working for me when I removed all of the spaces in the $to string.
Example:
<?php
$to = 'nobody@example.com,anotheruser@example.com,yetanotheruser@example.com'; // no spaces
mail($to, 'the subject', 'the message');
?>
[#18] yarik dot bohatsky at gmail dot com [2012-04-17 15:02:48]
If you want to send UTF-8 HTML letter you need to mention charset twice:
1) In message header:
<?php
$headers .= 'Content-type: text/html; charset=utf-8' . "\r\n";
?>
2) In HTML header:
<?php
$message = '
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Fillon soutient ?? fond le retour d\'un Grand Prix de France</title>
</head>
<body>
<p>Le Premier ministre Fran?ois Fillon, passionn?? d\'automobile et pilote ?? ses heures, a apport?? un soutien appuy?? au retour d\'un Grand Prix de France au calendrier 2013 de la Formule 1, en faisant un passage-??clair vendredi sur le circuit Paul Ricard dans le Var.</p>
</body>
</html>
';
In this case Outlook will also "understand" that message is encoded using UTF-8.
[#19] geeralo at gmx dot de [2012-03-21 11:08:35]
Hello programmers!
There is something important I want to notice about charsets here:
"Content-Type: text/plain; charset = \"UTF-8\";\n"
is right and not only
"Content-Type: text/plain; charset=UTF-8\n"
Hope I could help other people who frustrate while searching the same mistake like me.
Remember also to write only \r for windows and not for Linux-Servers.
And at the end of the header should be an extra blank line:
$headers .= "Content-Type: text/plain; charset = \"UTF-8\";\n";
$headers .= "Content-Transfer-Encoding: 8bit\n";
$headers .= "\n";
Greetings
[#20] akger1379 at gmail dot com [2012-02-17 13:14:59]
Use sendmail in queue mode to prevent long pauses everytime php is calling the mail() function.
<?php
$additionalParameters = '-ODeliveryMode=d';
mail($to, $subject, $message, $headers, $additionalParameters);
?>
Your mails will be delivered everytime the sendmail daemon is processing the queue. To see what the interval may be see the "QUEUE_INTERVAL" variable in /etc/mail/sendmail.conf
[#21] Max AT [2012-02-15 09:26:53]
To define a mail sensitivity you have to put this line in the headers:
<?php
$headers = "MIME-Version: 1.0\n" ;
$headers .= "Content-Type: text/html; charset=\"iso-8859-1\"\n";
$headers .= "Sensitivity: Personal\n";
$status = mail($to, $subject, $message,$headers);
?>
Possible Options:
Sensitivity: Normal, Personal, Private and Company-Confidential
These will be recognised and handled in Outlook, Thunderbird and others.
[#22] ABOMB [2012-01-30 22:16:28]
I was having delivery issues from this function to Gmail, Yahoo, AOL, etc. I used the notes here to figure that you need to be setting your Return-Path to a valid email to catch bounces. There are two extra delivery gotchas on top of that:
1) The domain in the email used in the -f option in the php.ini sendmail parameter or in the mail() extra parameters field, needs to have a valid SPF record for the domain (in DNS as a "TXT" record type for sure and add an additional "SPF" type record if possible). Why? That's header field being used for spam checks.
2) You should also use a domain key or DKIM. The trick here is that the domain key/DKIM is case sensitive! I used Cpanel to create my domain key which automatically used all lowercase domain names in the key creation. I found when sending email and using a camel case "-f account@MyDomainHere.Com" option, my key was not accepted. However it was accepted when I used "-f account@mydomainhere.com".
There are many other factors that can contribute to mail not getting to inboxes, including your own multiple failed testing attempts, so I suggest you consult each site's guidelines and don't ask me for help. These are just the couple technical issues that helped my case.
I hope this saves someone some time and headaches...
[#23] debis at woh dot rr dot com [2011-12-14 15:09:29]
This is for Windows Server 2003, IIS 6.0 with SMTP virtual server.
The problem I had was not including init_set for the SMTP server, I thought the SMTP definition in the IIS SMTP virtual server configuration would work. When I sent mail manually this was not an issue.
Also, $mail_sent = @mail( $to, $subject, $message, $headers ); wouldn't work but $mail_sent = mail($to, $subject, $message, $headers); did.
Lack of date_default_timezone_set() only caused a warning because php guessed what it should be.
This worked:
<?php
$to = 'nobody@example.com';
$subject = 'the subject';
$message = 'hello';
$headers = 'From: webmaster@example.com' . "\r\n" .
'Reply-To: webmaster@example.com' . "\r\n" .
'X-Mailer: PHP/' . phpversion();
ini_set ( "SMTP", "smtp-server.example.com" );
date_default_timezone_set('America/New_York');
mail($to, $subject, $message, $headers);
?>
And just so you can troubleshoot, this worked when sending mail from the command line/manually. CLI worked even though the php code without the init_set function wouldn't work.
You will notice that the "rcpt to" and "to" fields appear redundant, but if both are not used, the delivered mail's "to" field will be blank/empty.
-------------------------------
telnet www.example.com 25
helo
mail from: webmaster@example.com
rcpt to: someone@example.com
data
to: someone@example.com
subject: test again to make sure
this is my message
.
quit
-----------------------------------
[#24] saganwebdesign [2011-10-14 07:01:34]
If you are getting frustrated that your email is being sent as plain text instead of HTML, typically one of your headers showing up in the email (even if other scripts on the same server seem to work fine!!!) then structure your headers like this:
<?php
$headers = 'From: You <you@example.com>' . "\n";
$headers .= 'MIME-Version: 1.0' . "\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
?>
Notice that the From is before the MIME and Content and only Content ends with "\r\n", the other are just "\n"
Not sure how it is possible for other scripts on the same server, same domain to work fine as shown in the very top instructions, and others need this crap... I spent a very frustrating couple hours figuring this out, hope you can avoid doing the same.
[#25] arunm [2011-09-14 05:24:18]
It is also advisable to set the return path in the headers; hence it will avoid the email to land in the spam folder!
eg:
$headers.="Return-Path:<name@example.com>\r\n";
[#26] Anda [2011-09-05 11:57:37]
Send Multi attachment email
<?php
function multi_attach_mail($to, $files, $sendermail){
// email fields: to, from, subject, and so on
$from = "Files attach <".$sendermail.">";
$subject = date("d.M H:i")." F=".count($files);
$message = date("Y.m.d H:i:s")."\n".count($files)." attachments";
$headers = "From: $from";
// boundary
$semi_rand = md5(time());
$mime_boundary = "==Multipart_Boundary_x{$semi_rand}x";
// headers for attachment
$headers .= "\nMIME-Version: 1.0\n" . "Content-Type: multipart/mixed;\n" . " boundary=\"{$mime_boundary}\"";
// multipart boundary
$message = "--{$mime_boundary}\n" . "Content-Type: text/plain; charset=\"iso-8859-1\"\n" .
"Content-Transfer-Encoding: 7bit\n\n" . $message . "\n\n";
// preparing attachments
for($i=0;$i<count($files);$i++){
if(is_file($files[$i])){
$message .= "--{$mime_boundary}\n";
$fp = @fopen($files[$i],"rb");
$data = @fread($fp,filesize($files[$i]));
@fclose($fp);
$data = chunk_split(base64_encode($data));
$message .= "Content-Type: application/octet-stream; name=\"".basename($files[$i])."\"\n" .
"Content-Description: ".basename($files[$i])."\n" .
"Content-Disposition: attachment;\n" . " filename=\"".basename($files[$i])."\"; size=".filesize($files[$i]).";\n" .
"Content-Transfer-Encoding: base64\n\n" . $data . "\n\n";
}
}
$message .= "--{$mime_boundary}--";
$returnpath = "-f" . $sendermail;
$ok = @mail($to, $subject, $message, $headers, $returnpath);
if($ok){ return $i; } else { return 0; }
}
?>
[#27] epheterson at gmail dot com [2011-08-16 10:48:38]
After banging my head against the wall, I realized after my host updated PHP that the From line in the header requires quotes around the name where before it worked regardless. Otherwise it will report success, and not sent.
$headers .= 'From: "'. $Name . '" <' . $Email . '>' . "\r\n";
[#28] krzysiek dot 333 at gmail dot com [2011-08-02 23:24:40]
Sending messages with polish special characters:
<?php
function plmail($mail, $sub, $mes){
$headers = "From: ExRobot <robot@example.com>\r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-type: text/plain; charset=utf-8\r\n";
$headers .="Content-Transfer-Encoding: 8bit";
$mes=htmlspecialchars_decode($mes,ENT_QUOTES);//optional - I use encoding to POST data
mail($mail, "=?utf-8?B?".base64_encode($sub)."?=", $mes, $headers);
}
?>
Page must be in utf-8 encoding.
[#29] mulllhausen [2011-07-17 22:14:31]
i found that emails were not getting sent when i specified multiple recipients separated by commas in the $to variable.
however i did find that i could specify multiple recipients using the the 'To: ' header. i am using php cli on ubuntu 10.04.1 lts.
hopefully this is useful to someone
[#30] me at arronwoods dot com [2011-06-24 07:42:53]
I've had all sorts of problems with scripts that don't set the "-f user@example.org" parameter when using mail() if postfix is the sendmail agent.
In postfix I had SMTP relay authentication based on the sender address, but it was always the PHP user as the sender until I adapted the code from:
<?php mail('test@example.org', 'Subject', 'Body', 'From: user@example.org'); ?>
to:
<?php mail('test@example.org', 'Subject', 'Body', 'From: user@example.org', '-f user@example.org'); ?>
I couldn't find a way to adjust PHP or Postfix to do this for me, so I had to edit the application. I was actually using Zend_Mail_Transport_Smtp, which made it that little bit trickier. I ended up with this:
<?php
class My_Mail_Transport_Sendmail extends Zend_Mail_Transport_Sendmail {
public function _sendMail() {
if ($this->parameters === null) {
$this->parameters = '-f ' . $this->_mail->getFrom();
}
return parent::_sendMail();
}
}
?>
[#31] vigo dot von dot harrach at gmx dot de [2011-05-19 14:49:54]
If using sendmail as transport agent, setting the "DeliveryMode" to "background" (asynchronous) instead of the default "interactive" (synchronous) makes mail() a lot faster, while still sending immediately.
You can either use the "additional parameters", e.g. mail($to, $subject, $message, $headers, 'O DeliveryMode=b'), or make this mode default by changing php.ini's "sendmail_path" to 'sendmail -t -i -O DeliveryMode=b'.
[#32] buraks78 at gmail dot com [2011-05-07 19:02:31]
If you are having problems changing the Sender and Return-Path headers, make sure that you are editing the right configuration file. On my CentOS 5.6:
[root@server mail]# ll /usr/sbin/sendmail
lrwxrwxrwx 1 root root 21 Oct 26 2009 /usr/sbin/sendmail -> /etc/alternatives/mta
[root@server mail]# ll /etc/alternatives/mta
lrwxrwxrwx 1 root root 23 Apr 9 07:48 /etc/alternatives/mta -> /usr/sbin/sendmail.exim
[root@server mail]# ll /usr/sbin/sendmail.exim
lrwxrwxrwx 1 root root 4 Apr 9 07:45 /usr/sbin/sendmail.exim -> exim
I spent some time trying to figure out why my changes to the sendmail.mc file were being ignored. Naturally, Exim configuration is different than Sendmail. You need to edit the /etc/exim/exim.conf file instead:
remote_smtp:
driver = smtp
return_path = bounce@example.com
headers_rewrite = apache@* info@example.com s
^ Don't forget the "s" at the end. See this page for more information: http://www.exim.org/exim-html-2.00/doc/html/spec_32.html#SEC669
If you are OK with displaying the apache user name (ie "Sender: apache@subdomain.example.com") in the email header, then just update the qualify_domain configuration option in the same file.
qualify_domain = example.com
This will fix the domain only (ie "Sender: apache@example.com").
[#33] shuitest at gmail dot com [2010-11-02 21:50:44]
If you use mutt, do as below,
/usr/bin/mutt -s '$subject' -f /dev/null -e 'set copy=no' -e 'set from = "{$GLOBALS[cfg][email_from]}"' -a '$attach_file_full_path' '{$GLOBALS[cfg][email_to]}' </dev/null 2>&1;
[#34] Michiel Uitdehaag [2010-09-30 01:07:20]
We had a LAMP setting with postfix as mail system. Our additional headers were not interpreted correctly by a receiving mailserver (Exchange/ENOD32) and a newline was inserted after the first additional header.
It turns out that a internet/dos style newline (\r\n) in the headers were converted to \r\r\n (ie: something mindlessly replaced all \n with \r\n without seeing if \n was already preceded by \r)
I don't know if this is something in PHP or postfix, but seeing the comments below I suspect it is something of PHP on *NIX in combination with non-sendmail mailers.
So, use your 'local' newline style for additional headers, as opposed to the examples above.
I don't know if this is a bug anywhere. I don't know which element exactly does the unix2dos translation. If it is PHP, it should only replace ([^\r])\n with \1\r\n
[#35] Porjo [2010-07-06 23:19:52]
Make sure you enclose \r\n in double quotes (not single quotes!) so that PHP can translate that into the correct linefeed code
[#36] umangberi at gmail dot com [2010-05-02 13:41:38]
Outlook 2007 seemed to be a little finicky with me to have carriage returns in the headers. So any \r\n resulted in messages that had default apache messages sent over to me.
As soon as I removed \r from all of the headers, the script started working fine. Hope that helped.
[#37] matthew dot mckay at uwrf dot edu [2010-02-17 13:57:17]
Note: On some windows platforms this is NOT thread safe.
We are having email message bodies being sent out to the wrong headers multiple times, some failing to send, and other bizarre stuff. If you google search for "php mail thread safe" you can find a ton of relevant information.
This is not a bug in php, there have been multiple bugs closed with this issue being dismissed as not an issue with PHP.
[#38] rch+php at online dot lt [2010-01-02 13:46:16]
RFC-2822 is quite explicit, that "Though some message systems locally store messages in this format (which eliminates the need for translation between formats) and others use formats that differ from the one specified in this standard, local storage is outside of the scope of this standard."
And it is not just "some", but most Unix mailers choke when you try pipe CRLF instead of Unix line endings to "sendmail" command. PHP is using line endings as is, so you have better chances for success if you use Unix file format or line endings.
[#39] Systemx [2009-11-04 02:29:48]
Bare LFs in SMTP
Use This
<?php
// Fix any bare linefeeds in the message to make it RFC821 Compliant.
$message = preg_replace("#(?<!\r)\n#si", "\r\n", $message);
// Make sure there are no bare linefeeds in the headers
$headers = preg_replace('#(?<!\r)\n#si', "\r\n", $headers);
?>
[#40] John [2009-10-20 11:38:26]
A quick note about the optional flags that can be passed to sendmail. -f will set the From address, -r will override the default Return-path that sendmail generates (typically the From address gets used). If you want your bouncebacks to go to a different address than the from address, try using both flags at once: "-f myfromemail@example.com -r mybounceemail@example.com"
[#41] dtbaker.com.au [2009-10-10 20:59:46]
An observation about safe_mode and mail()
It looks like multiple \r\n's are replaced by a single \r\n inside the string passed to "additional_headers". I can only re-produce this on a box running with safe_mode enabled.
If (for some reason) your script crafts the entire email message in the headers, this will most likely produce a blank email on safe_mode boxes (like this script I've been trying to get working).
[#42] Maven1 at example dot com [2009-10-09 13:28:37]
I was having trouble with the newline and carriage return characters when using the mail function in a custom script within Joomla since the stupid input validations kept stripping them (changed "/r/n" to "rn").
To get around this, I used chr(13) and chr(10) to insert them.
<?php
$headers .= 'To: Mary <mary@example.com>, Kelly <kelly@example.com>' . chr(13) . chr(10);
$headers .= 'From: Birthday Reminder <birthday@example.com>' . chr(13) . chr(10);
?>
Hope that helps someone.
[#43] Clayton Ginsburg [2009-08-18 12:38:35]
I recently had an issue where the mail() function would work fine from the php cli but not from apache.
I eventually traced this down to the fact that I was using apparmor
Specifically, I configured apparmor to deny the apache user the ability to use /bin/dash
After changing apparmor to /bin/dash rix
and reloading the apparmor profile, mail worked
In other words, mail requires the account/program executing the script to be able to use /bin/dash
I hope this helps someone
[#44] Edward [2009-08-01 14:08:56]
Currently my hosting service is on Godaddy. When attempting to use the mail function without the fifth parameter containing "-f", my message headers would not work.
Whenever your message headers do not work, simply try using the fifth parameter:
<?php
mail($to, $subject, $message, $headers, "-femail.address@example.com");
?>
[#45] php at caves dot org dot uk [2009-07-28 07:32:15]
Setting an envelope-sender address avoids mail bounces annoying your system administrator.
If your mail cannot be delivered, it will be rejected to the address specified as the "SMTP-envelope-from" (or the "envelope sender" or "return path", depending on the terminology you like to use )
If you do not explicitly set an envelope-from address then PHP will default to the php.ini setting which - if you have not set this yourself - could be nobody@[your-ISP-domain] or anonymous@[your-ISP-domain], for example.
To avoid bothering the person at that address - or indeed, if you are wondering why you are not receiving mail rejections yourself - you should use the "-f" option in the <$additional_parameters> argument to set a valid address.
(and, by the way: If you do this, but you do not set a From: address in the <$additional_headers> argument then PHP will set a default From: address of "From: Nobody <your-envelope-sender-setting>". ).
[#46] d dot r at usask dot ca [2009-06-05 09:44:20]
The example indicates \r\n at the end of each line in the headers but this was causing me problems as emails showed some of the headers as part of the body. I simply used only \n as in some of the other examples and the problem went away.
[#47] marcel dot portela at gmail dot com [2009-05-22 10:32:06]
To define a mail priority you have to put this lines in the headers:
<?php
$headers = "MIME-Version: 1.0\n" ;
$headers .= "Content-Type: text/html; charset=\"iso-8859-1\"\n";
$headers .= "X-Priority: 1 (Higuest)\n";
$headers .= "X-MSMail-Priority: High\n";
$headers .= "Importance: High\n";
$status = mail($to, $subject, $message,$headers);
?>
Here i've added many headers information including the Priority...
[#48] aldertb at XS4ALL dot nl [2009-03-23 13:30:28]
I experienced problems with removed euro signs and some other accented letters. The text came from a DB but contained the euro sign etcetera inside the mail function, just as when you would define it as a string. (Did die($newsletter['message']). It was lost in the mail I received though! When I defined the message as a string inside the sending function (overriding text from DB), including euro sign as a single character, I DID receive the email including euro sign!
This was experienced on 2 different email accounts. With one I received no text after the euro sign.
But only when text came from mySQL DB from a longtext Latin1-field...
I installed the pear mail class and this solved the strange problem and could just send text from the DB...
[#49] alex_ramos at sourceforge dot net [2009-02-27 07:37:07]
Beware if you're trying to use "-f" or "-r" with the 5th parameter of the PHP mail() function, and you're relying on a plain vanilla install of sendmail on Linux, it won't work. You'll have to either change the sendmail config and add your script's userid to "trusted-users" (easier said than done... good luck with that!), or, remove sendmail and install postfix (much easier).
[#50] Erich at gasboysnospam dot net [2009-02-18 19:43:50]
if your mail is failing (returns false) be aware that many servers are configured to kill mail going out with a bcc or cc header.
The ideal workaround is to use the smtp functions which servers allow because of its better audit trail. Alternatively call the mail function several times.
I've just spent about four hours trying to work out what I was doing wrong!!
[#51] orjtor [2009-01-19 12:17:22]
This is my solution of problems with Windows Mail on Vista. I got some of the headers in the mail body as plain text. When I removed '\r' and left just '\n' at the end of the two last lines of header it worked. This error didn't show up in my yahoo mail.
<?php
$body = "<html>\n";
$body .= "<body style=\"font-family:Verdana, Verdana, Geneva, sans-serif; font-size:12px; color:#666666;\">\n";
$body = $message;
$body .= "</body>\n";
$body .= "</html>\n";
$headers = "From: My site<noreply@example.com>\r\n";
$headers .= "Reply-To: info@example.com\r\n";
$headers .= "Return-Path: info@example.com\r\n";
$headers .= "X-Mailer: Drupal\n";
$headers .= 'MIME-Version: 1.0' . "\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
return mail($recipient, $subject, $message, $headers);
?>
[#52] php at ontheroad dot net dot nz [2008-11-03 21:00:58]
Another possible cause for the "501 5.5.4 Invalid Address" type errors when sending mail from Windows is specifying BCC or CC parameters with no value.
[#53] molotster on google mail com [2008-10-13 01:03:03]
Note, that single line should not contain more than 78 character, but is not allowed to contain more than 998 characters.
The possible consequences are:
Over 78 - clients are allowed to display the message in a "harder to read" way.
Over 998 - clients and servers are allowed to drop the message or cause any buffer-limit error.
See:
http://www.faqs.org/rfcs/rfc2822 part 2.1.1.
[#54] webmaster at plumage dot nl [2008-09-01 14:53:38]
The work-around for a large quantity of recipients is putting the adresses in the header-section as Bcc adresses.
In this way the mail()-function opens and closes the SMTP connection only once:
<?php
$count_recip= count($recip);//where $recip represents an array of mail-adresses, from MySql-query or otherwise
$count='0';
$headers.="Bcc: ";
while($count < $count_recip){
$headers.=$recip[$count].", ";
$count ++;
}
$headers.="admin@example.com\r\n";
?>
[#55] bob [2008-07-15 13:51:22]
If the Cc or Bcc lines appear in the message body, make sure you're separating header lines with a new line (\n) rather than a carriage return-new line (\r\n). That should come at the very end of the headers.
[#56] akam [2008-05-28 06:55:25]
There differenece in body, headers of email (with attachment, without attachment), see this complete example below:
work great for me (LINUX , WIN) and (Yahoo Mail, Hotmail, Gmail, ...)
<?php
$to = $_POST['to'];
$email = $_POST['email'];
$name = $_POST['name'];
$subject = $_POST['subject'];
$comment = $_POST['message'];
$To = strip_tags($to);
$TextMessage =strip_tags(nl2br($comment),"<br>");
$HTMLMessage =nl2br($comment);
$FromName =strip_tags($name);
$FromEmail =strip_tags($email);
$Subject =strip_tags($subject);
$boundary1 =rand(0,9)."-"
.rand(10000000000,9999999999)."-"
.rand(10000000000,9999999999)."=:"
.rand(10000,99999);
$boundary2 =rand(0,9)."-".rand(10000000000,9999999999)."-"
.rand(10000000000,9999999999)."=:"
.rand(10000,99999);
for($i=0; $i < count($_FILES['youfile']['name']); $i++){
if(is_uploaded_file($_FILES['fileatt']['tmp_name'][$i]) &&
!empty($_FILES['fileatt']['size'][$i]) &&
!empty($_FILES['fileatt']['name'][$i])){
$attach ='yes';
$end ='';
$handle =fopen($_FILES['fileatt']['tmp_name'][$i], 'rb');
$f_contents =fread($handle, $_FILES['fileatt']['size'][$i]);
$attachment[]=chunk_split(base64_encode($f_contents));
fclose($handle);
$ftype[] =$_FILES['fileatt']['type'][$i];
$fname[] =$_FILES['fileatt']['name'][$i];
}
}
#---->Headers Part
$Headers =<<<AKAM
From: $FromName <$FromEmail>
Reply-To: $FromEmail
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="$boundary1"
AKAM;
#---->BODY Part
$Body =<<<AKAM
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="$boundary1"
This is a multi-part message in MIME format.
--$boundary1
Content-Type: text/plain;
charset="windows-1256"
Content-Transfer-Encoding: quoted-printable
$TextMessage
--$boundary1
Content-Type: text/html;
charset="windows-1256"
Content-Transfer-Encoding: quoted-printable
$HTMLMessage
--$boundary1--
AKAM;
if($attach=='yes') {
$attachments='';
$Headers =<<<AKAM
From: $FromName <$FromEmail>
Reply-To: $FromEmail
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="$boundary1"
AKAM;
for($j=0;$j<count($ftype); $j++){
$attachments.=<<<ATTA
--$boundary1
Content-Type: $ftype[$j];
name="$fname[$i]"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="$fname[$j]"
$attachment[$j]
ATTA;
}
$Body =<<<AKAM
This is a multi-part message in MIME format.
--$boundary1
Content-Type: multipart/alternative;
boundary="$boundary2"
--$boundary2
Content-Type: text/plain;
charset="windows-1256"
Content-Transfer-Encoding: quoted-printable
$TextMessage
--$boundary2
Content-Type: text/html;
charset="windows-1256"
Content-Transfer-Encoding: quoted-printable
$HTMLMessage
--$boundary2--
$attachments
--$boundary1--
AKAM;
}
$ok=mail($To, $Subject, $Body, $Headers);
echo $ok?"<h1> Mail Sent</h1>":"<h1> Mail not SEND</h1>";
?>
[#57] richard at richard-sumilang dot com [2008-03-22 00:12:13]
If you are using the sendmail app from an exim package or something you don't really need to change the normal parameters PHP gives it (-t -i) as other posts described.
I just added "-f myemail@example.com" and it worked.
One thing that got me stuck for a few hours was trying to figure out why the return-path was set as the user (user running php) and not what I was setting it with the -f option then I later found at that in order to forcefully set the return-path the user account running the command must be in exim's trusted users configuration! It helps to add trusted_groups as well then everything works fine :)
- Richard Sumilang
[#58] mortoray at ecircle-ag dot com [2008-01-10 07:35:18]
Apparently if using the mbstring library, and using overriden functions, the "mail" command appears to use "Content-Transfer-Encoding: BASE64" by default. Which if you combine it with PEAR Mail_Mime you'll get mails that, although they appear RFC compliant, not mailer can read correctly.
To fix this it appears you should add a fixed header in the mail command (this one assumes the pear mime module is 7bit clean, perhaps 8bit would also be fine)
<?php $headers['Content-Transfer-Encoding'] = '7bit'; ?>
[#59] phpcoder at cyberpimp dot ig3 dot net [2007-09-27 08:51:13]
In addition to the $to parameter restrictions on Windows (ie. address can not be in "name <user@example.com>" format), the same restrictions apply to the parsed Cc and Bcc headers of the $additional_headers parameter.
However, you can include a To header in $additional_parameters which lists the addresses in any RFC-2822 format. (For display purposes only. You still need to list the bare addresses in the $to parameter.)
[#60] Gianluigi_Zanettini-MegaLab.it [2007-08-09 23:57:08]
Please note that using an address in this format "Zane, CEO - MegaLab.it" <myaddrr@mydomain> (" are needed due to comma) works as expected under *nix, but WON'T WORK under Windows.
This is an example
<?php
mail("\"Zane, CEO - MegaLab.it\" <myaddrr@mydomain>", "prova da test_zane", "dai funziona...");
?>
It works under *unix, but it doensn't under Win: different error are reported:
Warning: mail() [function.mail]: SMTP server response: 553 5.0.0 <"Zane>... Unbalanced '"'
Warning: mail() [function.mail]: SMTP server response: 501 5.5.4 Invalid Address
[#61] Alex Jaspersen [2007-05-30 23:03:08]
For qmail users, I have written a function that talks directly to qmail-queue, rather than going through the sendmail wrapper used by mail(). Thus it allows more direct control over the message (for example, you can adapt the function to display "undisclosed recipients" in to the To: header). It also performs careful validation of the e-mail addresses passed to it, making it more difficult for spammers to exploit your scripts.
Please note that this function differs from the mail() function in that the from address must be passed as a _separate_ argument. It is automatically put into the message headers and _does not_ need to be included in $additional_headers.
$to can either be an array or a single address contained in a string.
$message should not contain any carriage return characters - only linefeeds.
No validation is performed on $additional_headers. This is mostly unnecessary because qmail will ignore any additional To: headers injected by a malicious user. However if you have some strange mail setup it might be a problem.
The function returns false if the message fails validation or is rejected by qmail-queue, and returns true on success.
<?php
function qmail_queue($to, $from, $subject, $message, $additional_headers = "")
{
// qmail-queue location and hostname used for Message-Id
$cmd = "/var/qmail/bin/qmail-queue";
$hostname = trim(file_get_contents("/var/qmail/control/me"));
// convert $to into an array
if(is_scalar($to))
$to = array($to);
// BEGIN VALIDATION
// e-mail address validation
$e = "/^[-+\\.0-9=a-z_]+@([-0-9a-z]+\\.)+([0-9a-z]){2,4}$/i";
// from address
if(!preg_match($e, $from)) return false;
// to address(es)
foreach($to as $rcpt)
{
if(!preg_match($e, $rcpt)) return false;
}
// subject validation (only printable 7-bit ascii characters allowed)
// needs to be adapted to allow for foreign languages with 8-bit characters
if(!preg_match("/^[\\040-\\176]+$/", $subject)) return false;
// END VALIDATION
// open qmail-queue process
$dspec = array
(
array("pipe", "r"), // message descriptor
array("pipe", "r") // envelope descriptor
);
$pipes = array();
$proc = proc_open($cmd, $dspec, $pipes);
if(!is_resource($proc)) return false;
// write additional headers
if(!empty($additional_headers))
{
fwrite($pipes[0], $additional_headers . "\n");
}
// write to/from/subject/date/message-ID headers
fwrite($pipes[0], "To: " . $to[0]); // first recipient
for($i = 1; $i < sizeof($to); $i++) // additional recipients
{
fwrite($pipes[0], ", " . $to[$i]);
}
fwrite($pipes[0], "\nSubject: " . $subject . "\n");
fwrite($pipes[0], "From: " . $from . "\n");
fwrite($pipes[0], "Message-Id: <" . md5(uniqid(microtime())) . "@" . $hostname . ">\n");
fwrite($pipes[0], "Date: " . date("r") . "\n\n");
fwrite($pipes[0], $message);
fwrite($pipes[0], "\n");
fclose($pipes[0]);
// write from address and recipients
fwrite($pipes[1], "F" . $from . "\0");
foreach($to as $rcpt)
{
fwrite($pipes[1], "T" . $rcpt . "\0");
}
fwrite($pipes[1], "\0");
fclose($pipes[1]);
// return true on success.
return proc_close($proc) == 0;
}
?>
[#62] bigtree at dontspam dot 29a dot nl [2007-02-28 04:46:33]
Since lines in $additional_headers must be separated by \n on Unix and \r\n on Windows, it might be useful to use the PHP_EOL constant which contains the correct value on either platform.
Note that this variable was introduced in PHP 5.0.2 so to write portable code that also works in PHP versions before that, use the following code to make sure it exists:
<?php
if (!defined('PHP_EOL')) define ('PHP_EOL', strtoupper(substr(PHP_OS,0,3) == 'WIN') ? "\r\n" : "\n");
?>
[#63] admin at chatfamy dot com [2007-01-30 12:37:45]
One thing it can be difficult to control with this function is the envelope "from" address. The envelope "from" address is distinct from the address that appears in the "From:" header of the email. It is what sendmail uses in its "MAIL FROM/RCPT TO" exchange with the receiving mail server. It also typically shows up in the "Return-Path:" header, but this need not be the case. The whole reason it is called an "envelope" address is that appears _outside_ of the message header and body, in the raw SMTP exchange between mail servers.
The default envelope "from" address on unix depends on what sendmail implementation you are using. But typically it will be set to the username of the running process followed by "@" and the hostname of the machine. In a typical configuration this will look something like apache@box17.example.net.
If your emails are being rejected by receiving mail servers, or if you need to change what address bounce emails are sent to, you can change the envelope "from" address to solve your problems.
To change the envelope "from" address on unix, you specify an "-r" option to your sendmail binary. You can do this globally in php.ini by adding the "-r" option to the "sendmail_path" command line. You can also do it programmatically from within PHP by passing "-r address@example.com" as the "additional_parameters" argument to the mail() function (the 5th argument). If you specify an address both places, the sendmail binary will be called with two "-r" options, which may have undefined behavior depending on your sendmail implementation. With the Postfix MTA, later "-r" options silently override earlier options, making it possible to set a global default and still get sensible behavior when you try to override it locally.
On Windows, the the situation is a lot simpler. The envelope "from" address there is just the value of "sendmail_from" in the php.ini file. You can override it locally with ini_set().
[#64] johniskew2 [2006-09-19 09:28:34]
An important rule of thumb, because it seems few really follow it and it can alleviate so many headaches: When filtering your email headers for injection characters use a regular expression to judge whether the user's input is valid. For example to see if the user entered a valid e-mail address use something like [a-zA-Z0-9._%-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}. Dont try to filter out bad characters (like searching for LF or CR), because you will ALWAYS miss something. You can be sure your application is more secure going this route....provided the regular expression is valid! This same point goes for any sort of form input not just for sending out emails.
[#65] thomas at p-devion dot de [2006-08-23 22:46:58]
Change the function addattachment for multipartmail to auto detect the mime_content_type ...
<?php
function addattachment($file){
$fname = substr(strrchr($file, "/"), 1);
$data = file_get_contents($file);
$i = count($this->parts);
$content_id = "part$i." . sprintf("%09d", crc32($fname)) . strrchr($this->to_address, "@");
$this->parts[$i] = "Content-Type: ".mime_content_type($file)."; name=\"$fname\"\r\n" .
"Content-Transfer-Encoding: base64\r\n" .
"Content-ID: <$content_id>\r\n" .
"Content-Disposition: inline;\n" .
" filename=\"$fname\"\r\n" .
"\n" .
chunk_split( base64_encode($data), 68, "\n");
return $content_id;
}
?>
[#66] panoramical at gmail dot com [2006-07-27 16:19:19]
Searched for ages on the internet trying to find something that parses EML files and then sends them...for all of you who want to send an EML files you first have to upload it, read it, then delete it. Here's my function...it's specialised for a single form where the user uploads the EML file.
<?php
if(isset($_POST['submit']))
{
// Reads in a file (eml) a user has inputted
function eml_read_in()
{
$file_ext = stristr($_FILES['upload']['name'], '.');
// If it is an eml file
if($file_ext == '.eml')
{
// Define vars
$dir = 'eml/';
$file = $dir.basename($_FILES['upload']['name']);
$carry = 'yes';
// Try and upload the file
if(move_uploaded_file($_FILES['upload']['tmp_name'], $file))
{
// Now attempt to read the file
if($eml_file = file($file))
{
// Create the array to store preliminary headers
$headers = array();
$body = '';
$ii = -1;
// For every line, carry out this loop
foreach($eml_file as $key => $value)
{
$pattern = '^<html>';
if(((eregi($pattern, $value)))||($carry == 'no'))
{
// Stop putting data into the $headers array
$carry = 'no';
$i++;
$body .= $value;
}
else
{
// Separate each one with a colon
if(($eml_file_expl = explode(':', $value))&&($carry == 'yes'))
{
// The row has been split in half at least...
if(isset($eml_file_expl[1]))
{
// Put it into the preliminary headers
$headers[$eml_file_expl[0]] = $eml_file_expl[1];
// There might be more semicolons in it...
for($i=2;$i<=$count;$i++)
{
// Add the other values to the header
$headers[$eml_file_expl[0]] .= ':'.$eml_file_expl[$i];
}
}
}
}
}
// Clear up the headers array
$eml_values = array();
$eml_values[to] = $headers[To];
$eml_values[from] = $headers[From];
$eml_values[subject] = $headers[Subject];
$eml_values['reply-to'] = $headers['Reply-To'];
$eml_values['content-type'] = $headers['Content-Type'];
$eml_values[body] = $body;
unlink($file);
return $eml_values;
}
}
else
{
return '<p>File not uploaded - there was an error</p>';
}
}
}
// Takes information automatically from the $_FILES array...
$eml_pattern = eml_read_in()
// Headers definable...through eml_read_in() again, but I'm guessing they'll be the same for each doc...
if(mail($eml_pattern[to], $eml_pattern[subject], $eml_pattern[content], $headers)) echo 'Mail Sent';
?>
[#67] [2006-07-24 08:55:24]
correction for class multipartmail
<?php
function addmessage($msg = "", $ctype = "text/plain"){
$this->parts[0] ....
?>
if you are adding attachment first and then addmessage you can easy overwrite added attachment - better use
<?php
function addmessage($msg = "", $ctype = "text/plain"){
$this->parts[count($this->parts)] ....
?>
[#68] sander at cartel dot nl [2006-07-20 03:26:39]
I found out that a ms server (ESMTP MAIL Service, Version: 5.0.2195.6713) also had the problem using CRLF in the headers:
If messages are not received, try using a LF (\n) only. Some poor quality Unix mail transfer agents replace LF by CRLF automatically (which leads to doubling CR if CRLF is used). This should be a last resort, as it does not comply with RFC 2822.
The suggested fix works.
Sander
[#69] Ben Cooke [2005-12-15 05:34:09]
Note that there is a big difference between the behavior of this function on Windows systems vs. UNIX systems. On Windows it delivers directly to an SMTP server, while on a UNIX system it uses a local command to hand off to the system's own MTA.
The upshot of all this is that on a Windows system your message and headers must use the standard line endings \r\n as prescribed by the email specs. On a UNIX system the MTA's "sendmail" interface assumes that recieved data will use UNIX line endings and will turn any \n to \r\n, so you must supply only \n to mail() on a UNIX system to avoid the MTA hypercorrecting to \r\r\n.
If you use plain old \n on a Windows system, some MTAs will get a little upset. qmail in particular will refuse outright to accept any message that has a lonely \n without an accompanying \r.
[#70] fontajos at phpeppershop dot com [2005-09-21 08:24:10]
Problems with Microsoft Exchange and PHP as ISAPI-module
We found out, that if you want to send multipart mime emails using the PHP mail-function on a Windows box using a Microsoft Exchange server, you have to use separate containers for the mail body and the mail header.
In many examples like in http://www.zend.com/zend/trick/html-email.php or in the book PHP developers cookbook you find html multipart/alternative mailing solutions that build the mime header and the mail body into one PHP variable and send this as fourth argument (header) to the PHP mail-function. This works fine on most systems but not on the above mentioned combination.
We found a rather trivial solution: Simply split the mime mail header and the mail body into two separate variables and give them separately to the PHP mail function, example:
<?php
//add From: header
$headers = "From: webserver@localhost\r\n";
//specify MIME version 1.0
$headers .= "MIME-Version: 1.0\r\n";
//unique boundary
$boundary = uniqid("HTMLDEMO");
//tell e-mail client this e-mail contains//alternate versions
$headers .= "Content-Type: multipart/mixed; boundary = $boundary\r\n\r\n";
//plain text version of message
$body = "--$boundary\r\n" .
"Content-Type: text/plain; charset=ISO-8859-1\r\n" .
"Content-Transfer-Encoding: base64\r\n\r\n";
$body .= chunk_split(base64_encode("This is the plain text version!"));
//HTML version of message
$body .= "--$boundary\r\n" .
"Content-Type: text/html; charset=ISO-8859-1\r\n" .
"Content-Transfer-Encoding: base64\r\n\r\n";
$body .= chunk_split(base64_encode("This the <b>HTML</b> version!"));
//send message
mail("root@localhost", "An HTML Message", $body, $headers);
?>
[#71] GwarDrazul [2005-09-15 04:01:31]
The article mentioned below is quite good to understand the problem of header injection. However, it suggests the following as a solution: look for "\n" and "\r" inside your user input fields (especially in those used for the $header param) and, if found reject the mail.
Allthough this will probably work I still believe it is better to have a "white list" of allowed characters instead of a "black list" with forbidden characters.
Example:
If you want a user to enter his name, then allow characters only!
If you want a user to enter his email adress, then check if the entry is a valid email adress.
Doing so might automatically solve problems which you didn't think of when you created the "black list". For SMTP headers colons are needed. If you check for a valid email adress the hacker won't be able to enter colons inside that form field.
I suggest using regular expressions for those checks.
For more information about regular expressions see:
http://www.regular-expressions.info/
[#72] msheldon at desertraven dot com [2005-05-15 00:09:52]
Just a comment on some of the examples, and as a note for those who may be unaware. The SMTP RFC 822 is VERY explicit in stating that \r\n is the ONLY acceptable line break format in the headers, though is a little vague about the message body. While many MTAs will deal with just \n, I've run accross plenty of them that will exhibit "interesting" behaviours when this happens. Those MTAs that are strict in compliance will definitely break when header lines are terminated with only \n. They will also most likely break if the body of the message contains more than 1000 consecutive characters without a \r\n.*
Note that RFC 821 is a little more clear in defining:
"line
A a sequence of ASCII characters ending with a <CRLF>."
RFC 821 makes no distinction between header lines and message body lines, since both are actually transmitted during the DATA phase.
Bottom line, best practice is to be sure to convert any bare \n characters in the message to \r\n.
* "The maximum total length of a text line including the <CRLF> is 1000 characters" (RFC 821)
[#73] jonte at macnytt dot com [2005-04-24 16:16:46]
Users of Mac OS X Server need to activate SMTP part of the Mailserver before this is working.
Also note that if the ISP has blocked port 25 outgoing, you run into problems. You can find more info about this in the SMTP server log in Server Admin application if you run OSX Server.
[#74] benles at bldigital dot com [2005-03-20 21:47:42]
I get a 550 error when using mail() with this To format:
User <user@example.com>
When it's changed to just the bare email, it works fine. Just FYI that some mail servers may behave this way.
[#75] php dot net at schrecktech dot com [2005-03-02 16:07:55]
When sending MIME email make sure you follow the documentation with the "70" characters per line...you may end up with missing characters...and that is really hard to track down...
[#76] grey at greywyvern dot moc [2005-02-18 12:47:18]
When including your own custom headers try not to include a trailing \r\n at the end of the last header. Leaving the \r\n causes an extra line-feed at the beginning of the message body, so your message will start on the second line.
[#77] Sven Riedel [2004-07-10 06:22:13]
mail() requires /bin/sh to exist in Unix environments, next to a mail delivery program. This is very relevant when setting up apache in a chroot environment. Unfortunately this isn't anywhere in the documentation and took me several months to figure out.
[#78] nospam at mingo dot ath dot cx [2004-05-09 06:55:59]
If you're using a linux server using Postfix, and your server hasn't the host name set to a valid name (because it's behind a firewall in an intranet), it's possible that when sending mails using the mail function, some mail servers reject them. This is because they can't check the return path header. If you want to change the Return-Path used by sendmail init the php.ini and edit the sendmail_path variable to this:
sendmail_path = "sendmail -t -i -F webmaster@example.com -f webmaster@example.com"
[#79] Paul [2004-02-25 02:51:35]
My mime multipart/alternative messages were going ok, until I switched to qmail with php .. after years of painfull searching, I came across this on the Life With Qmail 'Gotchas' section:
G.11. Carriage Return/Linefeed (CRLF) line breaks don't work
qmail-inject and other local injection mechanisms like sendmail don't work right when messages are injected with DOS-style carriage return/linefeed (CRLF) line breaks. Unlike Sendmail, qmail requires locally-injected messages to use Unix newlines (LF only). This is a common problem with PHP scripts.
So now, I can go back to sending emails with text AND html components :)
[#80] roberto dot silva at mexicoshipping dot net [2004-01-23 16:16:11]
If you can't use or don't understand how to use the sendmail program from linux, you can use a PEAR object to send mail.
<?php
include("Mail.php");
$recipients = "mailto@example.com";
$headers["From"] = "mailfrom@example.com";
$headers["To"] = "mailto@example.com";
$headers["Subject"] = "Test message";
$body = "TEST MESSAGE!!!";
$params["host"] = "example.com";
$params["port"] = "25";
$params["auth"] = true;
$params["username"] = "user";
$params["password"] = "password";
// Create the mail object using the Mail::factory method
$mail_object =& Mail::factory("smtp", $params);
$mail_object->send($recipients, $headers, $body);
?>
In my case, i use a smtp server that require authentication, and sendmail configuration is almost cryptic to me.
PEAR is already installed in PHP 4.0.3 , if not, you must go to http://pear.php.net/ and install it, in my case, I needed to add the Socket.php to the PEAR library.
[#81] f dot touchard at laposte dot net [2003-01-30 19:46:34]
***Encoding plain text as quoted-printable in MIME email***
If you don't want to install IMAP and use imap_8bit() to encode plain text or html message as quoted-printable
(friendly french special characters encoding :-) in MIME email, try this function.
I haven't fully tested it ( like with microtime with long mails). I send html message as 7-bit, so I didn't try yet with html.
If you have good html practise, you don't really need to encode html as quote-printable as it only uses 7-bit chars.
F.Touchard
<?php
function qp_encoding($Message) {
for ($i=0; $i<127; $i++) {
$CharList[$i] = "/".chr($i+128)."/";
$HexList[$i] = "=".strtoupper(bin2hex(chr($i+128)));
}
$Message = str_replace("=", "=3D", $Message);
$Message = preg_replace($CharList, $HexList, $Message);
$MessageLines = split("\n", $Message);
$Message_qp = "";
while(list(, $Line) = each($MessageLines)) {
if (strlen($Line) > 75) {
$Pointer = 0;
while ($Pointer <= strlen($Line)) {
$Offset = 0;
if (preg_match("/^=(3D|([8-9A-F]{1}[0-9A-F]{1}))$/", substr($Line, ($Pointer+73), 3))) $Offset=-2;
if (preg_match("/^=(3D|([8-9A-F]{1}[0-9A-F]{1}))$/", substr($Line, ($Pointer+74), 3))) $Offset=-1;
$Message_qp.= substr($Line, $Pointer, (75+$Offset))."=\n";
if ((strlen($Line) - ($Pointer+75)) <= 75) {
$Message_qp.= substr($Line, ($Pointer+75+$Offset))."\n";
break 1;
}
$Pointer+= 75+$Offset;
}
} else {
$Message_qp.= $Line."\n";
}
}
return $Message_qp;
}
?>
[#82] stevenlim at Edinburgh-Consulting dot com [2002-09-06 00:53:54]
How to detect a bounce email
1. make sure the email you send out have the header
"Return-Path: detect-bounce@example.com\r\n",
&
"Return-Receipt-To: bounce@example.com\r\n"
2. setup this detect-bounce mail account at your mail server
3. redirect the incoming mail from this email account to your php script (check your mail server doc on how do this)
4. your php script will then be able to process the incoming email in whatever way you like, including to detect bounce mail message (use regexp search).
Note that the mail will be not be store after the mail server has redirect to your script. If you want to store it, you need additional code in your script
Hope the above help
Steven Lim
IT Consultant