PHP mailing libs reliability

Semseng

New member
Hello,

At the moment, I am creating a simple mailer for my company's coworkers that is going to send different reminders, product quotations, and so on, anything that can be automatically generated within our company and sent without need for a person to do some unnecessary things like counting some data etc.

I have chosen SwiftMail as the library to use and managed to write a simple, basic code just to check if it's working and everything seems fine so far. The possible issue lies in the fact that there are two template code snippets: in first (to be seen here, first code snippet from the top), one has to specify host, username and password for the email account to be used. As I suppose, it logs onto the server and send emails from the server itself? In the second way (I am not sure where I had found it), there is no need to specify the SMTP details and nevertheless, I can easily set the "from" field within the script, so that the receiver sees the email as sent from the email specified.

My question is, is the second solution less secure, or can be potentially detected as spam on the receiving end? The thing is, I am writing such script for the first time and so I am not entirely sure, how does it work. Why do I ask? For some reason, the first solution does not work; server freezes when I am trying to send the email using this method and so I'd like to use the second way.


Great thanks for any suggestions,
Semseng
 

fitkoh

Member
Semseng said:
Hello,

At the moment, I am creating a simple mailer for my company's coworkers that is going to send different reminders, product quotations, and so on, anything that can be automatically generated within our company and sent without need for a person to do some unnecessary things like counting some data etc.

I have chosen SwiftMail as the library to use and managed to write a simple, basic code just to check if it's working and everything seems fine so far. The possible issue lies in the fact that there are two template code snippets: in first (to be seen here, first code snippet from the top), one has to specify host, username and password for the email account to be used. As I suppose, it logs onto the server and send emails from the server itself? In the second way (I am not sure where I had found it), there is no need to specify the SMTP details and nevertheless, I can easily set the "from" field within the script, so that the receiver sees the email as sent from the email specified.

My question is, is the second solution less secure, or can be potentially detected as spam on the receiving end? The thing is, I am writing such script for the first time and so I am not entirely sure, how does it work. Why do I ask? For some reason, the first solution does not work; server freezes when I am trying to send the email using this method and so I'd like to use the second way.


Great thanks for any suggestions,
Semseng

First off I'm not an expert, but I try to help where I can.

I'm fairly certain though that if you send an email without all the proper headers it will certainly wind up in the trash or the spam folder.

I've never heard of Swiftmail but if I were you I'd be itching to figure out what's causing your server to freeze up before I went on trying to write any code for it. Are there any logs you can check? Have you checked to see if there are any services running on the ports that swiftmail is using to send?

Another idea is to use phpsendmail. It's fairly easy to make a web page containing an email template, then you could attach it to a cron script for automation.
 

Semseng

New member
fitkoh said:
I'm fairly certain though that if you send an email without all the proper headers it will certainly wind up in the trash or the spam folder.

Yeah, I have read some articles on the topic and headers are part of the thing. Today I did send a message using Thunderbird and my script and to be honest, the headers seem not to differ too much.
The key part present only in the server script is, as I suppose, this one:
Code:
X-PHP-Originating-Script: 582:SimpleMailInvoker.php
Rest seems pretty okay.

As I have been writing the code, additional issue popped up. Initially, it was planned the emails to be sent within our company's domain and to no outer addresses, so a simple set of filters could be configured in order to avoid any software-side spam detection. My boss, however, was impressed by simpilicity of the automatic mailing and decided to try to send emails to our comapny's clients. Not sure if that's going to be implemented, but well, if so, it will arise some more problems ;)

fitkoh said:
I've never heard of Swiftmail but if I were you I'd be itching to figure out what's causing your server to freeze up before I went on trying to write any code for it. Are there any logs you can check? Have you checked to see if there are any services running on the ports that swiftmail is using to send?

The thing is, that I do not have any access to logs, php error reporting is disabled. And as far as the port-related thing is concerned, I am not experienced/educated enough to check this out. Also, our server isn't a dedicated one, but a shared one, as I think and so, some settings/options are not available to us. I have asked my colleague who had referred me to Gigarank to try out all the stuff on his server, but he hasn't tried, as far as I'm concerned.

fitkoh said:
Another idea is to use phpsendmail. It's fairly easy to make a web page containing an email template, then you could attach it to a cron script for automation.

Do you mean to create something based on mail() function? I have read rather negative opinions on such solutions as there may be some problems with headers. That was the first reason for me to choose some library, SwiftMailer or PHPMailer (https://github.com/PHPMailer/PHPMailer), but for some reason, both the scripts seem to have abovementioned problems with browser/server freezing up when trying to set them up properly. That may have something to do with ports being blocked server side, or some other server side problem.

Well, I will keep on investigating the issue, but thank you for the answer, you have brought some ideas and possible solutions to my mind ;)
 

fitkoh

Member
The thing is, that I do not have any access to logs, php error reporting is disabled. And as far as the port-related thing is concerned, I am not experienced/educated enough to check this out. Also, our server isn't a dedicated one, but a shared one, as I think and so, some settings/options are not available to us. I have asked my colleague who had referred me to Gigarank to try out all the stuff on his server, but he hasn't tried, as far as I'm concerned.

I'm not sure what operating system you're using but if you're using a linux OS you can try this at the command line:

nmap -sT -O localhost
You can check this article for other info on checking ports:
https://access.redhat.com/documenta...ux/3/html/Security_Guide/s1-server-ports.html
 

Semseng

New member
fitkoh said:
I'm not sure what operating system you're using but if you're using a linux OS you can try this at the command line:

nmap -sT -O localhost

Well, we do not have access to SSH and I am, unfortunately, sure of that. Most probably because of the fact it is some kind of shared hosting.

Anyway, I have managed to get some error reporting and tried out PHPMailer, it seems to be more popular and is developed at the moment. I did set up a SMTP mailing script with whole email account credentials and so on, ran the script and an error popped up. It is the same as described here (link to Stackoverflow thread), i.e.:
Code:
PHP Warning: stream_socket_enable_crypto(): Peer certificate CN=*.mail.dreamhost.com' did not match expected CN=mx1.sub4.homie.mail.dreamhost.com' in /home/ikbb/domains/dev.ikbb.com/public_html/includes/phpmailer/5.2.10/class.smtp.php
(server addresses displayed in my error are different than in this example)

I did as the SO's solution suggests, although it seems a bit unsafe; I added
Code:
$mail->SMTPOptions = array (
	'ssl' => array(
	'verify_peer'  => false,
	'verify_peer_name'  => false,
	'allow_self_signed' => true));

And, as expected, script ran just fine.

But, as I studied the email message's source using Thunderbird (it shows all the headers, and so on), I saw that in X-Authenticated-Sender: and X-Get-Message-Sender-Via: there is a different address than I had tried to set as the PHPMailer or Swiftmailer's "host". When I attempted to set this address shown in Thunderbird as the host for the script and re-enabled the SSL settings (that I had disabled as mentioned above), it all ran genuinely securely and smoothly! Finally :)

So, as I suppose, the reason for both the PHPMailer and SwiftMail scripts' malfunctions was that I did set the host wrongly.

Thanks, @"fitkoh", you directed me to search in proper places and I did solve the issue. My great thanks ;)