[SOLVED] mail() and Shared SSL

[aofc]

Hello, kinda new to PHP and wondering if I could get any help with this.

 

I'm trying to send an email form using the mail() function. This page has to be accessed through a shared SSL connection (e.g. https://myhost.com/~user) rather than my own site (www.mydomain.com), as this form will contain sensitive data (don't worry, the email body will be encrypted using GnuPG before getting sent).

 

Now when I access my page over the normal, non-secure connection, everything works. When I access it through shared SSL, the mail() function doesn't do anything, while the rest of my script works.

 

using a basic php test script doing only this:

 

php mail('[email protected]', 'test message', 'this is a test');

 

the mail function returns no error, but works only on the non-secured page (i.e. the email gets to my inbox). could this be an host related issue?

 

Thanks!

 

[soak]

That is an odd one. Yep, I think my host would be the first port of call.

 

Possibly the user the https server runs as is different and doesn't have mail sending permissions although that doesn't really make sense either.

[aofc]

Exactly, that would be weird since I can use system() and run gnupg. Why could I execute a command line when I can't send mail? That doesn't make much sense.

 

Anyway, I opened a ticket with them and am waiting for their reply.

[PFMaBiSmAd]

Since you are not specifying a From: address in the mail() function call, it is probably because you/host has set up a default From: address in the case where the script is reached through a http request and there is no default From: address setup in the case where the script is reached through the https request.

 

Try specifying a From: header in the mail() function call so that you will have a specific From: address in all cases. A From: address should be a valid mail address hosted on the sending mail server to get receiving mail servers to accept the email.

[aofc]

Actually, my original script (not my test script) had a from address (which is entered on the form).

 

Anyway I tried adding both a real working email address ([email protected]) and a bogus [email protected] (which is what appears on emails sent without a from address) to my test script. Both failed in SSL, but worked in the normal page.

 

My host isn't much helpful, they just reply with something like "It should work."

[PFMaBiSmAd]

Any php/mail() errors from adding the following two lines immediately after your first opening <?php tag -

 

ini_set ("display_errors", "1");
error_reporting(E_ALL);

[aofc]

Nothing. Actually the mail() function returns "true", so it's as my email is sent but lost somewhere.

[PFMaBiSmAd]

A True only really means that there is a mail server and it accepted the email. It does not mean that the mail server will attempt to or be able to send it. Your host needs to investigate/supply information about what is different between the case were a site is reached through the shared ssl/https and reached through http.

[soak]

Further to what PFMaBiSmAd  has advised: Try sending the full set of headers. This is what I use to send emails if php encounters an error which has worked on every setup I've tried it on:

 

<?php
        define('CRLF', "\n");

        $headers[] = 'MIME-Version: 1.0';
        $headers[] = 'Content-Type: text/plain; charset=UTF-8';
        $headers[] = 'From: SITE_NAME <[email protected]>';
        $headers[] = 'X-Mailer: PHP5';
        $headers[] = 'X-Sender: [email protected]';
        $headers[] = 'X-Priority: 3';

        @mail('[email protected]', 'SITE_NAME error!', implode(CRLF, $message), implode(CRLF, $headers).CRLF);

 

Have you got full server access (ssh, remote desktop etc?) If so there is more debugging you can do.

 

Lastly, if you phpinfo(); are the SMTP variables different between http and https?

[aofc]

Sending a complete set of headers didn't work either. And I can't see no difference between both "phpinfo()".

 

I don't have access to SSH but I could request it if needed.

 

By the way, accessing the page through the same url as shared SSL, but without SSL (http://myhost.com/~user), doesn't work either. So this is not an issue with SSL, but more with the way they handle both requests.

 

My host is currently investigating.

 

I think this is really an issue they have to resolve, I don't think I can do anything.

[aofc]

According to my host, mail is blocked from this shared url for security reasons. So I got around passing the encryted data to another script running on my domain which can send mail. It works.

 

Thanks for your help guys.

[soak]

Hmmm, security reasons that they didn't know about until they investigated. If I had to guess I'd say they don't know why it's not working.

 

Thanks for letting us know the response though :-D