The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Authenticate users for PHP mail() function

Discussion in 'E-mail Discussions' started by cancer10, Jan 6, 2009.

  1. cancer10

    cancer10 Well-Known Member

    Joined:
    Aug 27, 2006
    Messages:
    60
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    India
    Implementing Mail authentication

    Hi

    How do i Set SMTP authentication in my server so that my customers when using a form-mailer has use a valid email address in order to pass the SMTP authentication?

    My MTA (mail Transfer Agent) is Exim and POP/IMAP is handled by Courier-IMAP.


    Thanx
     
    #1 cancer10, Jan 6, 2009
    Last edited: Jan 8, 2009
  2. webbytech

    webbytech Member

    Joined:
    Dec 22, 2008
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Illinois
    I would implement suPHP so that it makes it send as the user that owns the web account. If you need assistance, PM me
     
  3. thewebhosting

    thewebhosting Well-Known Member

    Joined:
    May 9, 2008
    Messages:
    1,201
    Likes Received:
    1
    Trophy Points:
    38
    Prevent the user "nobody" from sending out mail to remote addresses (PHP and CGI scripts generally run as nobody if you are not using PHPSuexec and Suexec respectively.).

    You can prevent the user "nobody" from sending unauthenticated emails from WHM-> Tweak settings.
     
  4. cancer10

    cancer10 Well-Known Member

    Joined:
    Aug 27, 2006
    Messages:
    60
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    India
    Hi

    I have already done what u said but still I or anyone can send a form mailer from my site without any authentication. http://www.cupidsystems.com/feedback.php

    Plz Help

    Thanx
     
  5. betoranaldi

    betoranaldi Well-Known Member

    Joined:
    Dec 5, 2007
    Messages:
    105
    Likes Received:
    0
    Trophy Points:
    16
    I believe you can also set it up so that EXIM does not allow relaying from a local address (127.0.0.1)

    I'm not exactly sure how to do it. Hopefully someone else can help.
     
  6. cancer10

    cancer10 Well-Known Member

    Joined:
    Aug 27, 2006
    Messages:
    60
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    India
    Can anyone help me plz?
     
  7. Voltar

    Voltar Well-Known Member

    Joined:
    Apr 30, 2007
    Messages:
    269
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Bakersfield, California
    I run suPHP, and I have nobody mailing disabled and don't have any problems.


    As for people sending from the form on your site, it doesn't affect the user side, just the server side.
     
  8. cancer10

    cancer10 Well-Known Member

    Joined:
    Aug 27, 2006
    Messages:
    60
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    India
    What happens when you disable nobody from sending mails?
     
  9. Voltar

    Voltar Well-Known Member

    Joined:
    Apr 30, 2007
    Messages:
    269
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Bakersfield, California
    The user "nobody" cannot send emails.

    If you're running PHP as a dso module this is a bad idea as PHP will run as nobody and therefore none of your emails will go through.
     
  10. cancer10

    cancer10 Well-Known Member

    Joined:
    Aug 27, 2006
    Messages:
    60
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    India
    I have selected this option under WHM-> Tweak settings.

    Prevent the user "nobody" from sending out mail to remote addresses



    But still i can send form mailers without any SMTP authentication :(
     
  11. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,381
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    The mail() function in PHP does not use SMTP to send out mail. It uses the sendmail binary to send out mail. There is no mechanism in the mail() function for SMTP calls and therefore no mechanism for SMTP authentication. To use SMTP authentication you would have to use something like the Mail package from pear.

    You would then need to disable the mail() function in your server-wide php.ini file on the server. Doing this will likely have an adverse affect on PHP scripts on your server.

    Your best option is to continue to use the mail() function but enable the PHP mail header patch in easyapache. This will add a line to the e-mail headers of any message sent out from your server through PHP that uses the mail() function. This line will tell what script was executed to send out the message and allows you to track down possible abuse.
     
  12. cancer10

    cancer10 Well-Known Member

    Joined:
    Aug 27, 2006
    Messages:
    60
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    India

    Plz explain how to do this.


    Thanx
     
  13. bornonline

    bornonline Well-Known Member

    Joined:
    Nov 19, 2004
    Messages:
    139
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Earth
    Recompile PHP with easy apache and select "MailHeaders" under the exhaustive options list for PHP.
     
  14. cancer10

    cancer10 Well-Known Member

    Joined:
    Aug 27, 2006
    Messages:
    60
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    India
    Plz tell me the steps of how to do this through WHm?


    Thanx
     
Loading...

Share This Page