"x-php-script:url" I want to hide this url from my subscribers

[nzizo]

hello,

 

I have build newsletter,

everything work just fine..

BUT when using the "view source" of mail client  I can see the url of script file..

 

X-PHP-Script: www.domain.com/admin/send_letters.php for 44.76.38.112

 

there is no way to hide this url?

for security reason.

 

thank you

[nzizo]

Please I need to know how can I change the value of this header.

Someone else on other forum said to me this maybe a server setting and there is nothing I can do about it...

I contact with my hosting provider (hostgator) and they said this is not a server setting but PHP...

#$%$#@%

:-\

 

nobody ever have the same problem? even for security reason..

 

thanks

[PFMaBiSmAd]

The header placed into the email was probably put there by your newsletter script. You would need to find where in that script the information is being set and change what is being put into the header.

[nzizo]

Thanks for replying

I create this script myself and I never use "X-PHP-Script:" header in my scripts, these are the only headers in the script.

...
$headers = "From: domain.com <newsletter@domain.com>" . "\r\n"; 
$headers .= "MIME-Version: 1.0" . "\r\n";
$headers .= "Content-type:text/html; charset=utf-8" . "\r\n";
$headers .= "x-mailer: php/" . phpversion() . "\r\n";
...

where to edit the "X-PHP-Script:" header?

I think this header placed into the mail automatic by php..

 

Thank you

[CroNiX]

maybe add your own 'X-PHP-Script' header and try to override it.  I googled X-PHP-Script and its actually built into php5, before that you had to patch php to get it.  I think it is for security so you can easily find scripts that are sending mail out (like spam) to help identify the culprit.  If your script is written securely, why does it matter if your users know the location?  They couldn't do anything with it...

[nzizo]

Like that?

...
$headers = "From: domain.com <newsletter@domain.com>" . "\r\n"; 
$headers .= "MIME-Version: 1.0" . "\r\n";
$headers .= "Content-type:text/html; charset=utf-8" . "\r\n";
$headers .= "x-mailer: php/" . phpversion() . "\r\n";

$headers .= "X-PHP-Script: new path\r\n";
...

[PFMaBiSmAd]

You would need to try it and see.

 

In searching for information on this, it appears that the header is due to a patch that some individual created and it might not be an official part of the php source. I also saw that PHP_SELF was used to get the script's name which allowed spam emails to be sent by including content on the end of the URL that is then placed directly into the header field.

 

If you cannot solve this (and given the security hole that may or may not have been fixed in your php installation), you can get around using the php mail() function by using a script like phpmailer and configure it to directly use an SMTP server or configure it to directly use sendmail.

[nzizo]

Thank you, I will try PHPMailer looks cool