By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
443,983 Members | 1,597 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 443,983 IT Pros & Developers. It's quick & easy.

mail() sends as "nobody", causing server error

P: n/a
I'm troubleshooting a program that I didn't build, so forgive me on
this one. It's called email.php, and it looks like a program that the
original developer must have downloaded from somewhere.

The part of the program that sends an email states this:

$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
// Additional headers
if (isset($_REQUEST["bcc"])){ $headers .= 'Bcc: '.$bcc. "\r\n"; }
$headers .= 'From: '.$from.'' . "\r\n";
if (isset($_REQUEST["cc"])){ $headers .= 'cc: '.$cc. "\r\n"; }
if (isset($_REQUEST["bcc"])){ $headers .= 'Bcc: '.$bcc. "\r\n"; }

// Mail it
error_reporting(E_ERROR | E_WARNING | E_PARSE);
mail($to, $subject, $message, $headers) or die("<h3>Cannot send mail.</
h3><br>mail(to, subject, message, headers)<br>mail($to, $subject,
$message, $headers)");
header("Location:".$_REQUEST["LocOK"]);
exit;

(Note, this is copy-and-pasted, and I know that the BCC field is in
there twice, but I left it verbatim in case there's an error there
that's causing my problem. The BCC field isn't utilized with the form,
though, so I think this error is irrelevant.)

The problem is that when it emails out, the server recognizes it as
coming from "nobody," which is automatically bounced to me. I set the
server up to refuse "nobody" emails as a hack-attack preventative, but
it's usually not a problem... until now.

I COULD change the server to allow "nobody" emails, but I would rather
not. Is there a way to modify the script to show the sender as
something besides "nobody"? Having something in the $from variable
doesn't seem to be enough.

This is just a guess, but based on the bounced message, I assume I
need to include the $from variable in the following fields that
currently say "nobody":

Return-path: no****@mydomain.com
Received: from no****@mydomain.com
(envelope-from <no****@mydomain.com>)

Any ideas?

TIA,

Jason

Mar 28 '07 #1
Share this Question
Share on Google+
4 Replies


P: n/a
On 27 Mar 2007 22:54:53 -0700, "Jason" <jw*******@gmail.comwrote:

>This is just a guess, but based on the bounced message, I assume I
need to include the $from variable in the following fields that
currently say "nobody":

Unless I'm missiing something, you don't have a From: line in your
headers at all!
<http://www.php.net/mail/>
--
Locate your Mobile phone: <http://www.bizorg.co.uk/news.html>
Great gifts: <http://www.ThisBritain.com/ASOS_popup.html>
Mar 28 '07 #2

P: n/a
Jason wrote:
if (isset($_REQUEST["bcc"])){ $headers .= 'Bcc: '.$bcc. "\r\n"; }
$headers .= 'From: '.$from.'' . "\r\n";
if (isset($_REQUEST["cc"])){ $headers .= 'cc: '.$cc. "\r\n"; }
if (isset($_REQUEST["bcc"])){ $headers .= 'Bcc: '.$bcc. "\r\n"; }
Argh!!!

This script will become a source of spam.

--
Toby A Inkster BSc (Hons) ARCS
Contact Me ~ http://tobyinkster.co.uk/contact
Geek of ~ HTML/SQL/Perl/PHP/Python*/Apache/Linux

* = I'm getting there!
Mar 28 '07 #3

P: n/a
Jason wrote:
I'm troubleshooting a program that I didn't build, so forgive me on
this one. It's called email.php, and it looks like a program that the
original developer must have downloaded from somewhere.

The part of the program that sends an email states this:

$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
// Additional headers
if (isset($_REQUEST["bcc"])){ $headers .= 'Bcc: '.$bcc. "\r\n"; }
$headers .= 'From: '.$from.'' . "\r\n";
if (isset($_REQUEST["cc"])){ $headers .= 'cc: '.$cc. "\r\n"; }
if (isset($_REQUEST["bcc"])){ $headers .= 'Bcc: '.$bcc. "\r\n"; }

// Mail it
error_reporting(E_ERROR | E_WARNING | E_PARSE);
mail($to, $subject, $message, $headers) or die("<h3>Cannot send mail.</
h3><br>mail(to, subject, message, headers)<br>mail($to, $subject,
$message, $headers)");
header("Location:".$_REQUEST["LocOK"]);
exit;

(Note, this is copy-and-pasted, and I know that the BCC field is in
there twice, but I left it verbatim in case there's an error there
that's causing my problem. The BCC field isn't utilized with the form,
though, so I think this error is irrelevant.)

The problem is that when it emails out, the server recognizes it as
coming from "nobody," which is automatically bounced to me. I set the
server up to refuse "nobody" emails as a hack-attack preventative, but
it's usually not a problem... until now.

I COULD change the server to allow "nobody" emails, but I would rather
not. Is there a way to modify the script to show the sender as
something besides "nobody"? Having something in the $from variable
doesn't seem to be enough.

This is just a guess, but based on the bounced message, I assume I
need to include the $from variable in the following fields that
currently say "nobody":

Return-path: no****@mydomain.com
Received: from no****@mydomain.com
(envelope-from <no****@mydomain.com>)

Any ideas?

TIA,

Jason
Jason,

First thing you need to do is take that script offline. If spammers
find it you'll have about 15 minute before you're in every spam source
blacklist in the world. And a good hosting company will shut your site
down until you get it fixed.

Then get a secure contact form up there. I can't recommend any offhand
- I wrote my own and use it on various sites. But there are ones out
there. You could try hotscripts.com or see what others here recommend.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Mar 28 '07 #4

P: n/a
"Jason" <jw*******@gmail.comwrote in news:1175061293.558023.29400
@n59g2000hsh.googlegroups.com:
The problem is that when it emails out, the server recognizes it as
coming from "nobody," which is automatically bounced to me. I set the
server up to refuse "nobody" emails as a hack-attack preventative, but
it's usually not a problem... until now.
And to address your question (someone correct me if I'm wrong):

You are running php as an Apache module, correct?

I believe in this environment, Return-path is going to be the web-server's
username, unless you hack something in your mail server software (e.g.
sendmail). The other from headers you should be able to set within your
(more secure) script.

However, if you have php running as CGI then the Return-path will be set to
the username that php is running as.

I believe searching on "tectite" and mail and form will bring you to a
(relatively?) secure mailform script. Do NOT use "Matt's".

Apr 1 '07 #5

This discussion thread is closed

Replies have been disabled for this discussion.