|
|
Posted by Jerry Stuckle on 03/28/07 13:14
Jason wrote:
> I'm troubleshooting a program that I didn't build, so forgive me on
> this one. It's called email.php, and it looks like a program that the
> original developer must have downloaded from somewhere.
>
> The part of the program that sends an email states this:
>
> $headers = 'MIME-Version: 1.0' . "\r\n";
> $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
> // Additional headers
> if (isset($_REQUEST["bcc"])){ $headers .= 'Bcc: '.$bcc. "\r\n"; }
> $headers .= 'From: '.$from.'' . "\r\n";
> if (isset($_REQUEST["cc"])){ $headers .= 'cc: '.$cc. "\r\n"; }
> if (isset($_REQUEST["bcc"])){ $headers .= 'Bcc: '.$bcc. "\r\n"; }
>
> // Mail it
> error_reporting(E_ERROR | E_WARNING | E_PARSE);
> mail($to, $subject, $message, $headers) or die("<h3>Cannot send mail.</
> h3><br>mail(to, subject, message, headers)<br>mail($to, $subject,
> $message, $headers)");
> header("Location:".$_REQUEST["LocOK"]);
> exit;
>
> (Note, this is copy-and-pasted, and I know that the BCC field is in
> there twice, but I left it verbatim in case there's an error there
> that's causing my problem. The BCC field isn't utilized with the form,
> though, so I think this error is irrelevant.)
>
> The problem is that when it emails out, the server recognizes it as
> coming from "nobody," which is automatically bounced to me. I set the
> server up to refuse "nobody" emails as a hack-attack preventative, but
> it's usually not a problem... until now.
>
> I COULD change the server to allow "nobody" emails, but I would rather
> not. Is there a way to modify the script to show the sender as
> something besides "nobody"? Having something in the $from variable
> doesn't seem to be enough.
>
> This is just a guess, but based on the bounced message, I assume I
> need to include the $from variable in the following fields that
> currently say "nobody":
>
> Return-path: nobody@mydomain.com
> Received: from nobody@mydomain.com
> (envelope-from <nobody@mydomain.com>)
>
> Any ideas?
>
> TIA,
>
> Jason
>
Jason,
First thing you need to do is take that script offline. If spammers
find it you'll have about 15 minute before you're in every spam source
blacklist in the world. And a good hosting company will shut your site
down until you get it fixed.
Then get a secure contact form up there. I can't recommend any offhand
- I wrote my own and use it on various sites. But there are ones out
there. You could try hotscripts.com or see what others here recommend.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
Navigation:
[Reply to this message]
|