Friday, September 16, 2016

FIXED: DomainKey signature breaks when sending emails with PHP mail

I experienced a very strange issue with php mail() function on one of my servers yesterday. The story goes like this:

PHP mail() uses /usr/sbin/sendmail to send emails by default. I had a ded server with Plesk panel. I had configured the postfix mail server there to have valid DomainKey / DKIM / SPF authentications. DomainKey/DKIM signatures would work fine when clients sent emails using Outlook or Thunderbird, but DomainKey signatures got broken when emails were sent through PHP mail() function.

The reason was the wrong d=$DOMAIN variable used in DomainKey signature when emails were sent through php mail() function. Strangely enough, I found that it only happens when "FROM" header is set in $additional_headers of php mail() function. Therefore:

mail($dest_email, $subject, $message, "FROM: Mos GH");

breaks DomainKey signatures. The workaround is to remove FROM header and put the sender in $additional_parameters variable:
mail($dest_email, $subject, $message, "", "-f");

However  you can't give your full name like this.

Alternatively one can use PHPMailer to send emails directly through  SMTP instead of sendmail to avoid the issue.

p.s. You can send a test email message to to see how well your emails are authenticated. It's a robot and usually replies back to you with your authentication results in seconds.

No comments:

Post a Comment