-
-
Notifications
You must be signed in to change notification settings - Fork 9.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add automatic host finding for direct SMTP sending #119
Comments
If this feature ever gets implemented then here's some things to look for when sending direct mail:
|
PHPMailer should never attempt to be an MTA, it's far too complex. Sendmail's approach (like all MTAs) is exactly correct - it will send bounces on delivery failure - but this is clearly not something you care about if you're not running a proper MTA in the first place. We can already handle fake MX records because there is support for multiple hosts in the Matching fwd/rev DNS is out of scope for PHPMailer. If sites use bad ciphers, that's their lookout - I wouldn't expect any domain that wants their email to work to deploy broken config. Falling back to plain-text is a way of allowing downgrade attacks to succeed, so it shouldn't be allowed. |
I guess the sane option in this case would be to try to send the message just once and if it takes too much time, or the server uses graylisting, or STARTTLS fails or whatever, then return an error with "sorry, can't do". This way you would only have to check the MX/A DNS records and otherwise do a normal sending. The error rate would be too high for bulk sending but for occasional user signup or password reset message it might work fine. |
Just for the record I started to play around with these ideas myself and eventually I did build a MTA and it turned out just fine. I use it to send out about 500 000 emails per day all over the world (https://github.com/zone-eu/zone-mta). The hard part was not SMTP connections but queue handling which is a separate topic. If you keep SMTP interaction minimal, do not give up after first connection error (if you can't connect to one MX/IP then try the next one) and allow long timeouts (some hosts use tarpitting where server responds to every command after 20sec delay) everything should work fine. TLS ciphers were an issue as expected (my favourite was a server that just dropped the connection during the handshake if client did not list ciphers the server supported - no errors nor response to the TLS handshake, it just closed the connection) but I solved it by using downgrading - if anything happens during STARTTLS call then drop the connection and retry but this time without STARTTLS. |
I think this is actually just a bad idea, and not within a library's remit - this is an MTA's job! |
If you are using SMTP sending and do not have a local mail server or nearby smarthost, you need to do DNS lookups to get an MX record and use that to send directly to recipient exchangers. This is a common enough scenario that PHPMailer should have built-in support for it, perhaps by setting 'Host' to 'auto', which would cause it to set the host using
getmxrr()
and friends.This will obviously run into issues with sending from dynamic addresses (which will probably be blacklisted or blocked outbound by ISPs), but that's a separate problem that PHPMailer doesn't need to be concerned about.
The text was updated successfully, but these errors were encountered: