
Properly configuring the outgoing mail server for PHP scripts: setting up the mail() function

In this article you will learn how to properly configure the outgoing mail server and, in particular, the mail() function in PHP. I am a terrible pedant myself. I love everything to be in its place, and I do not like hack-work. Having once seen complete nonsense in the headers of a message from my server, I set about fixing it decisively and unconditionally. By a proper configuration I mean one that satisfies the spam filters of the large mail systems and also simply looks tidy and meaningful.

As you know, the SMTP protocol provides no means of protection against spam and no user authentication, so companies large and not so large have invented fixes for the protocol.
If you are setting up a dedicated server with a domain hosted on it, it is highly recommended that you make these settings so that everything is as it should be.

I spent a lot of time studying this question and worked out the meaning of each header. I started with the basic settings from the packages, choosing what I liked from the packages on offer, and finished with some fine feng shui, which I did not take all the way to the end, because the result was already quite refined.

I chose exactly this title because at the beginning of my journey I was searching for something like it. We will configure postfix, PHP, DNS (PTR, SPF), and more.
This article will interest people setting up dedicated servers, but it is no less interesting for ordinary programmers.


Preamble


Some people use libraries that replace the mail function (for example, phpmailer); these can talk to SMTP directly or hand the message to a local server. But it is better to use PHP's standard built-in mail() function, properly configured, which hands the mail to the local outgoing mail server, which in turn takes care of it. With this function delays are minimal, because the local mail agent quickly accepts or rejects the message and, if it accepts it, delivers it on its own.

The article is not formatted in the best way. I apologize; time is short, but I want to write this down while I still remember it, since there will be no time later.

How do we check our work?


We test with this snippet:
 $result = mail('yourmail@domain.ru', 'subject', 'message');
 // true means the local MTA accepted the message, not that it was delivered
 if ($result) {
     echo 'accepted';
 } else {
     echo 'failed';
 }


We will read a lot of headers. It is very convenient to view headers in Gmail; the feature is two clicks away, and you will find it yourself.

What should the headers look like when we are done?


- Here are the headers from gmail.com
Please note that these are the headers with which the message arrives in the end user's mailbox.
 Delivered-To: YOURMAIL@DOMAIN.DOM
 Received: by 10.182.0.137 with SMTP id 9cs9033obe;
         Sat, 21 Jan 2012 13:25:09 -0800 (PST)
 Received: by 10.205.119.199 with SMTP id fv7mr1052469bkc.113.1327181107295;
         Sat, 21 Jan 2012 13:25:07 -0800 (PST)
 Return-Path: <no-reply@wartur.ru>
 Received: from wartur.ru (wartur.ru. [188.134.79.140])
         by mx.google.com with ESMTP id ua10si4066845bkb.110.2012.01.13.13.25.06;
         Sat, 21 Jan 2012 13:25:07 -0800 (PST)
 Received-SPF: pass (google.com: domain of no-reply@wartur.ru designates 188.134.79.140 as permitted sender) client-ip=188.134.79.140;
 Authentication-Results: mx.google.com; spf=pass (google.com: domain of no-reply@wartur.ru designates 188.134.79.140 as permitted sender) smtp.mail=no-reply@wartur.ru
 Received: by wartur.ru (Postfix, from userid 1002)
	 id 9913B61D;  Sun, 22 Jan 2012 01:24:55 +0400 (MSK)
 To: YOURMAIL@DOMAIN.DOM
 Subject: subject
 X-PHP-Originating-Script: 1002:index.php
 Message-Id: <20120121212455.9913B61D@wartur.ru>
 Date: Sun, 22 Jan 2012 01:24:55 +0400 (MSK)
 From: no-reply@wartur.ru

- As well as these headers from mail.ru
 Return-path: <no-reply@wartur.ru>
 Received-SPF: pass (mx64.mail.ru: domain of designart 188.134.79.140 as permitted sender) client-ip=188.134.79.140; envelope-from=no-reply@wartur.ru; helo=wartur.ru;
 Received: from [188.134.79.140] (port=64667 helo=wartur.ru)
	 by mx64.mail.ru with esmtp (envelope-from <no-reply@wartur.ru>)
	 id 1RoiQJ-0005E9-6r
	 for wartur@list.ru;  Sun, 22 Jan 2012 01:24:31 +0400
 X-Mru-BL: 0: 0: 0: 0
 X-Mru-PTR: wartur.ru
 X-Mru-NR: 1
 X-Mru-OF: Linux (ethernet / modem)
 X-Mru-RC: RU
 Received: by wartur.ru (Postfix, from userid 1002)
	 id 460BC9B7;  Sun, 22 Jan 2012 01:24:20 +0400 (MSK)
 To: wartur@list.ru
 Subject: subject
 X-PHP-Originating-Script: 1002:index.php
 Message-Id: <20120121212420.460BC9B7@wartur.ru>
 Date: Sun, 22 Jan 2012 01:24:20 +0400 (MSK)
 From: no-reply@wartur.ru
 X-Spam: Not detected
 X-Mras: Ok
 X-Mru-Authenticated-Sender: uid: 1002@wartur.ru


When you first start, you will see that your headers do not look this clean. The receiving mail server will treat you as an untrusted stranger and will say so in the message headers, with a warning that a little more and it will put you on a blacklist. All the information in the headers is used by every server in the chain and by the receiving agent to decide, depending on the spam filter settings, whether to reject or accept the message. The harshest methods are blacklists; the softer ones identify bad senders by their headers and by complaints.

I will also note that if you pass the 4th parameter to the mail() function and put a From header in it, then the From: no-reply@wartur.ru header changes accordingly; if you do not specify it, it is set automatically to the same address as the Return-path: <no-reply@wartur.ru> header, which you can see in my headers.
This scheme is very convenient: mail is sent through the server with a modified From header, while incoming mail is received in Gmail (via Google's services for domains). It is desirable that the From address also belong to the same domain the server is configured for, along with some of the items listed below.

Let's get started


- Advice
Gentlemen, I prefer to install everything from packages, and I advise newcomers not to improvise: many packages already come with automatic configuration scripts whose results need only a little tweaking, and everything will be fine. Besides, software from the repositories updates itself and is generally less trouble.

- PHP setup
Install PHP however you like; you can manage that without me.

Open the PHP settings and set the equivalent of:
 sendmail_path = /usr/sbin/sendmail -t -i -fno-reply@wartur.ru


This sets the header Return-Path: <no-reply@wartur.ru>

By the way, 1: this value applies to all virtual domains on the server. To override it for a particular domain, pass the 5th parameter to the mail() function:
 $result = mail('YOURMAIL@DOMAIN.DOM', 'subject', 'message', 'From ...', '-fno-reply@yourdomine.ru'); 

By the way, 2: if you pass the 5th parameter on ordinary shared hosting, you are also advised to configure your domain as described below. Note that the PTR step cannot be done there, since one IP maps to one domain, or at least it is not recommended to have two; I no longer remember.

- Configure the MTA, that is, the local outgoing mail server
I sincerely recommend postfix; its settings are in /etc/postfix/main.cf
For those who have already run into sendmail and realized how hard it is to cut out of the system, I recommend the command:
 aptitude purge sendmail


Next, set the equivalent of:
myhostname = wartur.ru
#smtp_helo_name = k-wartur.wartur.ru
mydestination = _ALL_, wartur.ru, k-wartur.wartur.ru, localhost.wartur.ru, localhost

(k-wartur.wartur.ru - this is my server in the domain wartur.ru)

- myhostname: if I'm not mistaken, this is what helped. When the delivery agent introduces itself to another server, it sends HELO. Changing myhostname also changes the following header:
Message-Id: <20120121212420.460BC9B7@wartur.ru>

- smtp_helo_name defaults to myhostname; read the documentation

- mydestination: if I'm not mistaken, it sets the domains from which the MTA will accept mail for processing. If you have virtual hosting (which I set up on my server at home), then without _ALL_ you will have problems sending mail from domains other than those listed.

Well, you see, the headers are much more correct now, aren't they? At first they were a horror.

- Dealing with mail services (mailers)
They still treat us as an untrusted source.
Our server now introduces itself correctly in HELO, but the mailers do not trust us anyway.
For this an algorithm was invented so that the domain owner (if he is as literate as we are, of course) can state through DNS that such-and-such servers can be trusted and all others cannot.

Instead of the horror you have now, you should get this:
 Received-SPF: pass (google.com: domain of no-reply@wartur.ru designates 188.134.79.140 as permitted sender) client-ip=188.134.79.140;
 Received-SPF: pass (mx64.mail.ru: domain of designart 188.134.79.140 as permitted sender) client-ip=188.134.79.140; envelope-from=no-reply@wartur.ru; helo=wartur.ru;


We are already on the road to truth. By the way, by default a mailer treats every domain as v=spf1 ~all, which lowers the threshold for landing on a blacklist. It also means that others can use your domain to send spam without your knowing it, and the domain will be marked as bad for the future.

We go to DNS and create a TXT record for the domain, in my case wartur.ru:
v=spf1 +mx +a:wartur.ru +a:k-wartur.wartur.ru +include:gmail.com -all

v=spf1
This is the version of the SPF algorithm, spf1.

+mx
Mail can be trusted if it is sent from the domain's MX servers. For example, if mx.wartur.ru is the receiving server, then mail sent by that server will be fine.

+a:wartur.ru
The server serving the wartur.ru domain can be trusted.

I will also add an example: suppose pupkin.ru is hosted on my mail server.
I let Pupkin use my outgoing mail server k-wartur.wartur.ru (the usual shared-hosting situation, where it sits locally like the database and everything else). Then he should set +a:k-wartur.wartur.ru in his record.

+include:gmail.com
We import all the rules of gmail.com; they have the same kind of TXT record for their servers. (I use Google's services for my domain.)

-all
We declare that the admin does not consider any other source his own; it may be the nearest den around the corner sending spam in my name.
(+all would mean that the whole world is my friend.)

Reading for self-study
http://ru.wikipedia.org/wiki/Sender_Policy_Framework
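
To see how a receiver walks this record term by term, here is a small evaluator for the mechanisms it uses (an added example, not code from the original article). The DNS data is a constructed offline table: mx.wartur.ru, the gmail.com record and the 192.0.2.0/24 range are placeholder assumptions, and ip4 is a standard SPF mechanism that the article's own record does not use.

```python
import ipaddress

# Constructed offline "DNS" table so the example runs without network access.
# 188.134.79.140 is the server address from the page's headers; the MX name,
# the gmail.com record and the 192.0.2.0/24 range are placeholders.
DNS = {
    ("wartur.ru", "TXT"): "v=spf1 +mx +a:wartur.ru +a:k-wartur.wartur.ru +include:gmail.com -all",
    ("pupkin.ru", "TXT"): "v=spf1 +a:k-wartur.wartur.ru -all",
    ("gmail.com", "TXT"): "v=spf1 ip4:192.0.2.0/24 ~all",
    ("wartur.ru", "MX"): ["mx.wartur.ru"],
    ("mx.wartur.ru", "A"): ["188.134.79.140"],
    ("wartur.ru", "A"): ["188.134.79.140"],
    ("k-wartur.wartur.ru", "A"): ["188.134.79.140"],
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def a_records(name):
    return DNS.get((name, "A"), [])


def check_spf(ip, domain, depth=0):
    """Evaluate the SPF subset used here: mx, a, ip4, include, all."""
    if depth > 10:
        return "permerror"  # guard against include loops
    record = DNS.get((domain, "TXT"), "")
    if not record.startswith("v=spf1"):
        return "none"
    for term in record.split()[1:]:
        # A mechanism without an explicit qualifier defaults to "+".
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mech, _, arg = term.lstrip("+-~?").partition(":")
        target = arg or domain
        if mech == "all":
            matched = True
        elif mech == "a":
            matched = ip in a_records(target)
        elif mech == "mx":
            matched = any(ip in a_records(mx) for mx in DNS.get((target, "MX"), []))
        elif mech == "ip4":
            matched = ipaddress.ip_address(ip) in ipaddress.ip_network(arg)
        elif mech == "include":
            # include matches only if the included policy itself says "pass"
            matched = check_spf(ip, target, depth + 1) == "pass"
        else:
            matched = False
        if matched:
            return QUALIFIERS[qualifier]  # first matching term decides
    return "neutral"
```

With -all at the end, an address that matches nothing gets "fail"; the softfail inside the included record does not leak out, because include only matches on "pass".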

- Dealing with mail services: setting up the reverse PTR record
Mailers also look up the reverse zone PTR record as one more check mark, and I think this check mark is one of the weightiest, as it identifies the server 100%; if the server behaves correctly, it is trusted a great deal and any message will reach the addressee.
In mail.ru's headers this shows up as X-Mru-PTR: wartur.ru; in Google's it is Received: from wartur.ru (wartur.ru. [188.134.79.140])

Note:
On shared hosting you will not be allowed to do this: the provider has its own server name mapped to that address, something like servername.badhosting.ru, on which you are hosted. In general it can only be done on your own server with your own IP.

Of interest: what if the server lives at your home? One of my servers, wartur.ru in particular, is at home. The IP is dedicated, but the reverse record is not configured. I called upstream (the provider) and said that I wanted a PTR record. It was done; I am very pleased.
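
The header goals described in this article (HELO equal to the PTR name, Received-SPF: pass, and the Return-Path, Message-Id and From domains agreeing) can be checked mechanically. The script below is an added example, not part of the original article; it assumes Gmail's "Received: from HELO (PTR. [IP])" layout as shown in the headers above, and the function names are hypothetical.

```python
import re
from email import message_from_string

# The Gmail-side headers shown earlier in this article, trimmed to the relevant ones.
GOOD = """\
Return-Path: <no-reply@wartur.ru>
Received: from wartur.ru (wartur.ru. [188.134.79.140])
        by mx.google.com with ESMTP id ua10si4066845bkb.110.2012.01.13.13.25.06;
        Sat, 21 Jan 2012 13:25:07 -0800 (PST)
Received-SPF: pass (google.com: domain of no-reply@wartur.ru designates 188.134.79.140 as permitted sender) client-ip=188.134.79.140;
Received: by wartur.ru (Postfix, from userid 1002)
        id 9913B61D; Sun, 22 Jan 2012 01:24:55 +0400 (MSK)
Message-Id: <20120121212455.9913B61D@wartur.ru>
From: no-reply@wartur.ru

message
"""


def domain_of(value):
    """Domain part of an address-like header value ('' if there is none)."""
    value = (value or "").strip().strip("<>")
    return value.rpartition("@")[2].lower() if "@" in value else ""


def audit(raw):
    """Return a list of problems; an empty list means every check passed."""
    msg = message_from_string(raw)
    problems = []
    # The "Received: from" hop is what the receiving MX saw: HELO (PTR. [IP])
    hop = next((h for h in msg.get_all("Received", []) if h.startswith("from ")), "")
    m = re.match(r"from (\S+) \((\S+?)\.? \[([0-9.]+)\]\)", hop)
    if not m:
        problems.append("no 'Received: from HELO (PTR [IP])' hop found")
    elif m.group(1).lower() != m.group(2).lower():
        problems.append(f"HELO {m.group(1)} != PTR {m.group(2)} for {m.group(3)}")
    spf = (msg.get("Received-SPF") or "none").split()[0].lower()
    if spf != "pass":
        problems.append(f"Received-SPF is {spf}")
    sender = domain_of(msg.get("From"))
    for name in ("Return-Path", "Message-Id"):
        if domain_of(msg.get(name)) != sender:
            problems.append(f"{name} domain differs from From domain {sender}")
    return problems
```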

A few more words about headers (in no particular order)


X-Mru-BL: 0: 0: 0: 0 - God forbid you have anything other than zeros here; these are blacklists.
X-Mru-OF: the interface from which the mail is sent; I still do not understand what it depends on.
X-PHP-Originating-Script: I would advise you to add it, although if you are very concerned about security and non-disclosure, you can also disable it. This is done not far from the PHP settings we changed earlier. It is enabled by default.

It is also interesting to see what Yandex writes on receipt.

Additionally


There are also digital signatures, identified by the DKIM-Signature header.
By the look of things I already had everything in order, and this header is not strictly necessary. It is usually needed by very large services such as facebook or google, where notifications and mail are sent on a gigantic scale. If your service does not have millions of users, do not worry about it. Though if you know the subject, write up how it is done and we will cross-link the articles so that everything is truly complete; but I ask you to write much more simply, because I have already seen articles about all this somewhere. For my part I will add that I was too lazy to install yet another package, figure it out, and so on.



Unfortunately, I have no source material, because I put all this together from scratch 4 months ago, had no time then, and have now written it from memory.

I wish you a successful and proper setup of your server. I have tried to explain at least one of the many aspects of configuration.

UPD:
Found an interesting link on the topic: http://forum.ixbt.com/topic.cgi?id=7:26978

It is also interesting to read:
http://habrahabr.ru/blogs/sysadm/114852/

UPD2: 2012.08.02
Cool article just on the topic!
http://habrahabr.ru/post/141534/

UPD3: 2013.04.04
Counting on people's conscientiousness and attentiveness, I had left my working addresses in, so that you would see the real picture and change them. I repeatedly received messages with meaningless content in my mailbox, so I changed the address to YOURMAIL@DOMAIN.DOM

Source: https://habr.com/ru/post/136735/

