php - PHP 5.x mail() 是否验证“回复”字段中域的有效性？

Question

我最近一直在“美化”一些久经考验的真实电子邮件表单，以使它们对移动设备更友好，并认为看到 PHP mail() 函数现在随机失败（并返回 FALSE），我已经疯了。好吧，这不是随机的。在几乎拔掉我所有的头发之后，我终于意识到，每当我为成为我的“回复”地址的表单字段输入无效域时，mail() 都会失败，并返回 FALSE！请注意，这些不是“格式错误”的电子邮件地址（我已经检查过），只是无效的（例如“name@goooogle.com”）。

如果您认为这很重要，我在下面包含了一个测试表单代码，但是您认为这是 PHP 的一个新“功能”，还是只是我的托管公司的服务器正在做的事情？如果是 PHP，是否有一些新的“testDomain()”函数我也可以添加到我的表单中？提醒犯了合法错误的用户会很好，但我可以肯定地告诉他们的是他们的邮件尝试失败了。毕竟，mail() 不会返回一些友好的小错误代码来指示发生了什么，它只是返回 true 或 false。事实上，当它返回 false 时，它甚至不会在日志文件中报告错误。

说实话，这是我唯一一次让 mail() 在我的表单中失败。但我认为假设失败总是意味着域名不好是不明智的。

<!DOCTYPE HTML>
<html>
<head> <title> Simple Test Email Form;</title>  </head>

<!--
<?php
// define variables and set to empty values
$name = $email =  $comments = ""; // $address = $citystate = $zip = $phone  not used
$nameErr = $emailErr = $commentsErr = "";
$headers = $email_message = $sendersIP = "";
$email_to = "myaddress@mydomain.org";  // this is bogus!!! 
$email_subject = "Private Mailform";
$status = "Form Not Yet Processed";

// some basic security functions

function clean_string($string) {
       $bad = array("content-type","bcc:","to:","cc:","href");
       return str_replace($bad,"",$string);
     }

function test_input($data) {
   $data = trim($data);
   $data = stripslashes($data);
   $data = htmlspecialchars($data);
   return $data;
}

// mail processing

if ($_SERVER["REQUEST_METHOD"] == "POST") 
{   
    if (empty($_POST["name"]))   {  $nameErr = " Name is required"; }
    else {  $name = test_input($_POST["name"]); }
    if (empty($_POST["email"])) { $emailErr = "Email is required"; }
    else {  $email = test_input($_POST["email"]); }
    // at least email should be validated
    if (!preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/",$email)) { $emailErr = "Invalid email format"; }

    // keep senders IP, so we can watch for idiots.
    $sendersIP = $_SERVER['REMOTE_ADDR'];

    $comments = $_POST["comments"];  

    // So is all well?
    if (empty($nameErr) && empty($emailErr) && empty($commentsErr)  )
        {
        $email_message = $headers = "";

        $email_message .= "Name:  ".clean_string($name)."\n";
        $email_message .= "Email: ".clean_string($email)."\n";
        $email_message .= "IP:    ".$sendersIP."\n";
        $email_message .= "Comments: "."\n\n".clean_string($comments)."\n";

        // create regular email headers
        $headers .= 'From: '.$email."\r\n".
'Reply-To: '.$email."\r\n" .
'X-Mailer: PHP/' . phpversion();

        $mail_sent = mail($email_to, $email_subject, $email_message, $headers); 

        // modify status string to show result      
         $status = ($mail_sent==TRUE) ? "mail() function returned TRUE" :" mail() function returned FALSE";
        }
}
?>

-->
<body >
<table><tr><td style ="text-align:right;" width=100%> 

<b><?php echo $status; ?></b><br>

<p><span >* = required fields.<br>Please double check your email address.</span></p>

<form name="contactform" method="post" enctype="multipart/form-data" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>"> 
Name: <span class="error">*<?php echo $nameErr;?></span>&nbsp;
   <input type="text" name="name" value="<?php echo $name;?>"><br>
Email: <span class="error">*<?php echo $emailErr;?></span>&nbsp;
    <input type="text" name="email" value="<?php echo $email;?>"><br>
<br>
<div align="center"> ---- <span class="error">*</span> Message ---- <span class="error"><?php echo $commentsErr;?></span><br>
<textarea name="comments" wrap="physical" cols="40" rows="10"  ><?php echo $comments;?></textarea>

<br><br>

</div>

<input name="submit" id="submit" type="submit" value="Submit"  >

</form> 
</td></tr></table>

</body>
</html>

score 2 · Accepted Answer

mail has no native checks for validity. Vanilla sendmail doesn't either. So it's possible your host has their MTA client doing this. You might be able to test this using a separate mail client. For instance, ZF2, PHPMailer and many other modern PHP mailing systems don't use the mail function at all. They actually open a socket and send the mail commands directly. It's not easy, but you could tinker with this to send you back the actual commands and responses and see where the SMTP transaction is failing.

You can add your own validation before it gets that far, incidentally.

// this will fail to send if the DNS for the domain has no MX records
if(!checkdnsrr($domain, 'MX')) { 
     // don't send
}

score 1 · Accepted Answer

不mail()，不是为了那个。您使用的 SMTP可能会这样做，但这取决于所述服务器的设置。

PS：不要使用mail()。这是非常原始的。使用phpmailer或其他工具让邮件发送更轻松

php - PHP 5.x mail() 是否验证“回复”字段中域的有效性？

2 回答 2

Related

Reference