Add automatic host finding for direct SMTP sending

[Synchro]

If you are using SMTP sending and do not have a local mail server or nearby smarthost, you need to do DNS lookups to get an MX record and use that to send directly to recipient exchangers. This is a common enough scenario that PHPMailer should have built-in support for it, perhaps by setting 'Host' to 'auto', which would cause it to set the host using getmxrr() and friends.

This will obviously run into issues with sending from dynamic addresses (which will probably be blacklisted or blocked outbound by ISPs), but that's a separate problem that PHPMailer doesn't need to be concerned about.

[andris9]

If this feature ever gets implemented then here's some things to look for when sending direct mail:

• The hostname used for EHLO/HELO must match the reverse resolved hostname for the server IP address. Otherwise you get spam points.
• There are really weird/old ciphers out there, also a lot of self signed certificates, so expect STARTTLS to fail if you try to use it – in this case you should try again, this time in plaintext and ignoring STARTTLS.
• Greylisting is widely used, so expect to get temporary errors and then try again after a while (I guess this would assume you send using a cronjob, otherwise you'd be blocking the PHP script for 10 minutes to wait for the next try)
• I don't know how widely fake MX records are used but I guess that not too much because of the high risk of loosing legit messages, so I wouldn't care too much about it
• I wouldn't care too much about dynamic addresses either since this is what haunts sendmail as well. Actually in case of using sendmail the situation is even worse – sendmail queues your messages and does not inform you that recipients server rejects the connection or that your outgoing port 25 is blocked, so it looks like the message went through even though it didn't

[Synchro]

PHPMailer should never attempt to be an MTA, it's far too complex. Sendmail's approach (like all MTAs) is exactly correct - it will send bounces on delivery failure - but this is clearly not something you care about if you're not running a proper MTA in the first place. We can already handle fake MX records because there is support for multiple hosts in the Host property. The whole idea of sending a message via SMTP during a web page submission is horribly flawed, but that doesn't stop many using it, and acting all surprised when they run into things like greetdelay breaking their web apps...

Matching fwd/rev DNS is out of scope for PHPMailer. If sites use bad ciphers, that's their lookout - I wouldn't expect any domain that wants their email to work to deploy broken config. Falling back to plain-text is a way of allowing downgrade attacks to succeed, so it shouldn't be allowed.

[andris9]

I guess the sane option in this case would be to try to send the message just once and if it takes too much time, or the server uses graylisting, or STARTTLS fails or whatever, then return an error with "sorry, can't do". This way you would only have to check the MX/A DNS records and otherwise do a normal sending. The error rate would be too high for bulk sending but for occasional user signup or password reset message it might work fine.

[andris9]

Just for the record I started to play around with these ideas myself and eventually I did build a MTA and it turned out just fine. I use it to send out about 500 000 emails per day all over the world (https://github.com/zone-eu/zone-mta). The hard part was not SMTP connections but queue handling which is a separate topic.

If you keep SMTP interaction minimal, do not give up after first connection error (if you can't connect to one MX/IP then try the next one) and allow long timeouts (some hosts use tarpitting where server responds to every command after 20sec delay) everything should work fine. TLS ciphers were an issue as expected (my favourite was a server that just dropped the connection during the handshake if client did not list ciphers the server supported - no errors nor response to the TLS handshake, it just closed the connection) but I solved it by using downgrading - if anything happens during STARTTLS call then drop the connection and retry but this time without STARTTLS.

[Synchro]

I think this is actually just a bad idea, and not within a library's remit - this is an MTA's job!