
mmosel

php based outgoing email and security issues? (source info insecure)


Hi all, I'm hoping that maybe some expert in here has had some experience with this or might have some ideas. I have my PHP scripts that handle my back-end ecommerce processing (notification scripts) send out emails to my customers. I'm hosting on a shared server. While inspecting the emails that my customers receive, I've noticed that there is some very sensitive data that gets included with each email. Such as what machine I'm on at what host. What my username is at this host. And now they have X-AntiAbuse header data that actually shows the name of my script and its directory! This just seems so lame. Why can't they wrap it in an alias or something?

Anyway, I need to find a way to secure this information. They aren't being very helpful. So, is there a way that I can use PHP to perhaps forward this email to a service or something that would cleanse this info and then send the email to my customer? Or, are there any other ways that I might be able to get around this?

Thanks for any tips or ideas that you may have.

Hi there,

I've noticed this as well. I'm guessing the mail function appends those headers? Perhaps if you connect directly to the SMTP server you can have more control of the headers and get around that. There are some classes to do this at phpclasses.org (http://www.phpclasses.org/).

Travis

Thanks for the tip. I am using PHPMailer, which works wonderfully, but I was using the IsMail and IsSendmail functions. These functions were making the headers much worse than they needed to be. I switched to using the SMTP feature in my script, and it has eliminated some of my concerns from the source info. It still shows my server and host, but it doesn't show my username and the X-AntiAbuse doesn't show the script name that generated the email! Not perfect, but better!
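
As an added example that is not part of the original thread: a small Python check for auditing the raw headers of a test message you send to yourself, flagging the kinds of leaks discussed above (account username, script path, server hostname). The two messages are constructed samples, and the header names beyond X-AntiAbuse (X-Source-Args, X-Source-Dir, X-PHP-Script) and the regex rules are assumptions about a typical shared-hosting mail server; adjust them to what your host actually adds.

```python
import re
from email import message_from_string

# Constructed samples; every host, user, id and path below is made up.
VIA_MAIL = (  # sent with PHP mail()/sendmail: local submission
    "Received: from shopuser by box42.host.example with local (Exim)\n"
    "\tid 1ABCDE-0000-00 for customer@mail.example\n"
    "From: Shop <orders@shop.example>\n"
    "Subject: Your order\n"
    "X-AntiAbuse: Primary Hostname - box42.host.example\n"
    "X-Source-Args: /usr/bin/php /home/shopuser/public_html/ipn/notify.php\n"
    "X-Source-Dir: shop.example:/public_html/ipn\n"
    "\nThanks for your order.\n"
)
VIA_SMTP = (  # same message submitted over authenticated SMTP
    "Received: from [127.0.0.1] by box42.host.example with esmtpa (Exim)\n"
    "\tid 1ABCDF-0000-00 for customer@mail.example\n"
    "From: Shop <orders@shop.example>\n"
    "Subject: Your order\n"
    "X-AntiAbuse: Primary Hostname - box42.host.example\n"
    "\nThanks for your order.\n"
)

# (category, header-name regex, value regex with one capture group); assumed rules.
RULES = [
    ("username", r"received", r"\bfrom (\S+) by \S+ with local\b"),
    ("username", r".*", r"/home/([^/\s]+)"),
    ("script path", r"x-(source.*|php-.*script|antiabuse)", r"(\S*/\S+\.php)\b"),
    ("script path", r"x-source-dir", r"(\S+)"),
    ("hostname", r"x-antiabuse", r"Primary Hostname - (\S+)"),
]

def audit(raw):
    """Return sorted (category, header, leaked value) findings."""
    findings = set()
    for name, value in message_from_string(raw).items():
        value = " ".join(value.split())  # unfold continuation lines
        for category, name_re, value_re in RULES:
            if re.fullmatch(name_re, name, re.I):
                for m in re.finditer(value_re, value):
                    findings.add((category, name, m.group(1)))
    return sorted(findings)

def categories(raw):
    return {category for category, _, _ in audit(raw)}

if __name__ == "__main__":
    for label, raw in (("mail()", VIA_MAIL), ("SMTP", VIA_SMTP)):
        print(label, audit(raw))
```

Run it against the saved source of a real test message before and after changing the sending method; only the hostname finding should remain if the switch to SMTP behaves as described in the last post.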
