PHP mail() function - How restrict FROM field usage?

  • Hello ;


    Before PHP5.4, you can do that by activating the safe mode but it's not longer recommended. Activating the safe mode will cause disabling of the 5th parameter (additional_parameters) to the mail() function, which allow to set the 'FROM' field. In that case, a warning is raised if the user try to use it.


    With PHP5.3 and newer, you must set the following parameter in the php.ini file of the customer for which you want disallow custom 'FROM' field:


    Code
    1. ; Force the addition of the specified parameters to be passed as extra parameters; to the sendmail binary. These parameters will always replace the value of; the 5th parameter to mail(), even in safe mode.;mail.force_extra_parameters =


    For instance, something like this (no tested) should do the job:


    Code
    1. mail.force_extra_parameters = "-f [email protected]"


    See also http://forum.i-mscp.net/Thread…es-management-with-i-MSCP to know how php.ini are managed with i-MSCP, according the Httpd server implementation you are using.


    Thanks you for using i-MSCP

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

    Edited once, last by Nuxwin ().