PHP mail() function - How restrict FROM field usage?

**CoolerS** · Mar 28th 2013

Hi!
My question is, how can i limit users to use mail() func in php only with they domain. EX: my domain is dat.com and i try send mail with sender: ex@example.com its replaces to no-reply@dat.com or something.

Thanks

**Nuxwin** · Mar 29th 2013

Hello ;

Before PHP5.4, you can do that by activating the safe mode but it's not longer recommended. Activating the safe mode will cause disabling of the 5th parameter (additional_parameters) to the mail() function, which allow to set the 'FROM' field. In that case, a warning is raised if the user try to use it.

With PHP5.3 and newer, you must set the following parameter in the php.ini file of the customer for which you want disallow custom 'FROM' field:

Code

; Force the addition of the specified parameters to be passed as extra parameters; to the sendmail binary. These parameters will always replace the value of; the 5th parameter to mail(), even in safe mode.;mail.force_extra_parameters =

For instance, something like this (no tested) should do the job:

Code

mail.force_extra_parameters = "-f no-reply@dat.com"

See also http://forum.i-mscp.net/Thread…es-management-with-i-MSCP to know how php.ini are managed with i-MSCP, according the Httpd server implementation you are using.

Thanks you for using i-MSCP

PHP mail() function - How restrict FROM field usage?

Share

Daily visitors