some PHP mail bounced

OK folks, heres one for you... I don't know if this is related to folks blacklisting DH or what, but I've got several PHP scripts which send mail. Most of these make it successfully to the addressee but some are rejected with the note "Relay access denied". However, I can send to [most] of the bounced addresses directly from my mail program (eudora) using my DH-hosted account so I'm guessing it has something to do with sending from PHP.

I ran across a PHP reference which said to add this line before the mail() command:

ini_set("sendmail_from", $from);

(see http://www.leveltendesign.com/L10Apps/forum/about174.html ) where $from is the valid address on the domain. I've tried adding that line to the code without success.

Any ideas?!?

-Jeremy

The rocket scientists at Dreamhost have made a major policy change and didn't bother to mention it to anyone.

You now must SMTP AUTH from your local dreamhost server.

This means *any* scripts you are using will now fail ("relaying denied") when sending to a non-DH hosted domain unless you AUTH with the mail server.

Edited by BRoach on 08/15/06 12:55 PM (server time).

In reply to:
The rocket scientists at Dreamhost have made a major policy change and didn't bother to mention it to anyone.

Uh, actually, it *is* mentioned on dreamhoststatus.com, though I'm not sure how you equate that announcement with a "major policy change". It is not unreasonable to expect SMTP users to have their connections to the servers authorized before handling outgoing mail.

In reply to:
This means *any* scripts you are using will now fail ("relaying denied") when sending to a non-DH hosted domain unless you AUTH with the mail server.

No. That is *not* what it means. Many scripts, including those using the php mail function, do not use SMTP. I have many such scripts currently running on my Dreamhosted sites, and they are still working just fine when sent to non-dreamhosted domains.

You really should either be a little more thorough in your reading, or a little more knowedgable about the subject under discussion, before making pronouncements about what "this means", especially when you throw in a blanket " *any* scripts" reference.

Additionally, I'm *glad* the "rocket scientists" are requiring SMTP Authentication before opening up the servers; this is to the ultimate betterment of all on the shared servers.

--rlparker

OK... whatever. Right now I need to solve this problem and the Dreamhost Status blog is particularly useless in how to implement this in a PHP script calling mail().

I'm assuming I have to add a header, or I have to set something else but WHAT header WHAT do I set?!?

The real facts:

Previously, DH did what most networks would do. If the connection to the SMTP server is coming from a known local host, it didn't require you to auth. This is done by keeping a list of known local IP addresses. Pretty simple stuff.

Now they do require you to auth from a known local server. Without telling anyone in advance.

Now, even if you want to argue that this is a usefull security measure (which it isn't since if you are on the machine already (which is what was required previously), you can now simply look at someone's CGI script to get a valid AUTH credential and can now not only send mail, but read that mailbox as well), perhaps mentioning that they are going to change how they do things ahead of time would have been nice? Maybe if you were more knowledgable on the subject you'd understand that it's not a usefull security measure, and that it breaks a lot of things.

Dreamhost status talks about remote email clients, which have always required you to AUTH (as far as I remember, maybe they didn't? I always have). They also seem to think (according to Dreamhoststatus) that a "Relaying denied" error is caused by your ISP blocking port 25. This is a mystery to me. You couldn't get that error if port 25 was blocked because you couldn't get to the SMTP server in the first place. Really understanding the problem, they are not.

It doesn't talk about CGI scripts, which didn't need to AUTH until now, and will now fail if they don't. This includes the miriad of scripts you get off various internet sites (such as a lot of Forums). Want to know why? Because usually you don't need to auth from a known local server. They hint at it with the pine config, but that's about it.

Of course, they posted it to dreamhoststatus 2 days after they made the change. I know this because I figured it out when mail stoped working from various scripts we use two days ago.

As per usual you defend by trying to pick at something that isn't related. Yes genius, I realize that a CGI script that doesn't use SMTP won't fail. Of course, this person is trying to use SMTP, and the reason it isn't working is because DH just changed how things work and he needs to figure out how to AUTH in php.

For the original poster - I don't use PHP, so I can't tell you exactly how to modify your code. I'd google for "PHP smtp auth" and try and find how to add sending an AUTH to your code. The easiest way is using a AUTH PLAIN. You just need to base64 encode your username and password for sending it that way. You could also use an encrypted version, but it gets a little more complicated.

Ok - found it for you.

PHP's built in mail() doesn't support AUTH for SMTP.

You'll need to use a 3rd party library.

http://email.about.com/od/emailprogrammingtips/qt/et073006.htm

You may want to set up a new email account/user since you're now going to be putting a username and password into your script. As mentioned in my other post, if someone has access to the machine, they can then look at your scripts.

(assorted extraneous verbiage omitted)

In reply to:
As per usual you defend by trying to pick at something that isn't related. Yes genius, I realize that a CGI script that doesn't use SMTP won't fail.

I guess that old "skateboard injury" from falling on your head one time too many is acting up again, once again manifesting itself as needless belligerence when encountering someone who disagrees with you or questions the depth of your expertise wink

In the words of the original poster, "OK..whatever."

As for the "genius" moniker, I respectfully point out that *I* did not claim, "This means *any* scripts you are using will now fail ("relaying denied") when sending to a non-DH hosted domain unless you AUTH with the mail server."... that was *you* (being sarcastic, I suppose, since you *now* "realize that a CGI script that doesn't use SMTP won't fail.")

There was no "defense" stated or implied in my remarks (though I *still* don't think any of this equates to a "major policy change"). You stated Dreamhost didn't mention it; you were wrong. You stated it meant "any scripts you are using will now fail"; you were wrong.

I think my correction was important to the degree that it reassures those whose scripts *are not* broken that they don't have to worry...the "sky is not falling," irrespective of what broach says.

It's great that you are now making an attempt to *productively* respond to the original poster with some help...this a good thing, you go with that!

--rlparker

Jeremy,

Sometimes the most expeditious way to get over this kind of a bump is to do a little reverse engineering. You mentioned that many of your php scripts did not exhibit the problematic behavior, and sent mail without complaint.

I'd suggest inspecting the code for the programs and see how the ones that send successfully differ from those that break. It could present a "quicker" fix than trying to figure out "from scratch" how to "patch" the scripts that are giving you problems.

Alternatively, if you want to post back with the name/url of a script that works, and one that doesn't, I'll try to take a look into it later tonight, or first thing tomorrow. I'm fortunate, in that all the mail functions in the PHP scripts I use regularly are working fine, but that means I don't have an example of a "broken" script close at hand.

--rlparker

Actually, it isn't that some SCRIPTS don't work and others do, it is that some EMAIL ADDRESSES don't work. I don't get an "invalid address" notice, I get relay denied going out of dreamhost. I suspect that it is because DH got the message from mail() instead of an STMP. That is, I suspect it is all due to the new STMP enforcement by DH.

To solve it, I dug around and found a very nice mail class PHPMailer (http://phpmailer.sourceforge.net/) which was easy to implement and works like a charm. Dropped that into my main block of included functions, switched a couple of calls and I seem to be using the STMP perfectly. Now, we need to see if that allows us through to the "bad" addresses.

Thanks for the sounding board(s)... Don't chew each other up too much. There are more important things in the world.
-Jeremy

Good deal! I'm glad you got it sorted *and* that you posted your workaround for others to see.

If it is not too inconvenient, I'd love to know whether or not PHPMailer (http://phpmailer.sourceforge.net/) does resolve the problem and lets you through to those "bad" addresses. That might be very useful for others to know.

In reply to:
Don't chew each other up too much. There are more important things in the world.

Good advice followed by a true statement ; true economy of words there. Not to worry! wink

--rlparker

Just for others to know - The use of PHPMailer sending through the DH server does seem to solve the problem of some messages being rejected by external mail servers. I was able to send several messages to previously unreachable e-mail addresses. (Frustrating before because these were customers who had ASKED to be informed of something and we couldn't reach them because of the STMP issue).

http://phpmailer.sourceforge.com

drop the two main PHP files and the language sub-folder into a folder on your site, then use:

ini_set("include_path", ".:/home/bla/bla/bla/phpmailer/");

and follow their example on the home page. Works like a charm.

-Jeremy

Well ... according to the happy-happy-dreamhoststatus, apparently they figured out that they broke a lot of things (like, their miva merchant customers), and you don't have to auth for the MTA running on your actual server (vs. using the SMTP server cluster for your domain).

And only 4 days after they made their policy changes!

This is such a delimma in some ways. They are being slammed for running too open and being a SPAM wh0re, then they try to close up some potential holes and hang their customers (and even themselves) in the process. Gads.

Grrrr, as a Miva Merchant user I am 100% screwed in that I can't fix this. I have no clue.... I have two customers that I want to e-mail about placing their orders but I want to make sure that they'll be able to checkout w/o this problem first.