[wp-trac] [WordPress Trac] #14888: PHPMailer class uses wrong/no sender for mail envelope
WordPress Trac
wp-trac at lists.automattic.com
Mon Oct 1 10:17:35 UTC 2012
#14888: PHPMailer class uses wrong/no sender for mail envelope
-----------------------------------------+-----------------------------
Reporter: gkusardi | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Future Release
Component: Mail | Version: 3.0
Severity: normal | Resolution:
Keywords: reporter-feedback has-patch |
-----------------------------------------+-----------------------------
Changes (by Whissi):
* cc: Whissi (added)
Comment:
OK, let me summarize:
* Your domain is example.org.
* PHP's sendmail directive isn't set.
* PHP is running as user "vhost123".
* The hostname of the server is "ded4321.fw2.dc7.hosting-company.invalid".
When your WordPress installation example.org/blog will now send an email
(e.g. Lost Password), WordPress will set the header value "FROM:
wordpress[@]example.org", but the mail envelope sender will be
"vhost123[@]ded4321.fw2.dc7.hosting-company.invalid".
There is currently no way to set an envelope sender address, right?
Other application give you the option to specify the "sendmail -f" option
for example, but WordPress doesn't have such a feature.
Result:
Any rules targeting wordpress[@]example.org at sender level won't work,
because this is not the sender.
You are concerned (@tigertech) that the average WordPress user would set
the "wrong" address, if there would be such an option? Really, we don't
have to talk about SPF at this place. SPF is failed by design. Forwardings
mails is a basic feature, which is broken by SPF. So you are really
concerned about breaking SPF by WordPress?!
Are you arguing, that the hosting company should set PHP sendmail
directive? That would be a very limiting factor: You could have more than
just WordPress running. If this would be right for WordPress, it would be
also right for other applications. But what should a user do, who wants
that the forum application sends mail using forum at example.org as sender,
the shop system should send mails using the orders[@]example.org sender
address and the blog should use blog[@]example.org? This wouldn't be
possible in your "world". I hope you see, why this argumentation must be
wrong.
Every application should be able to specify the sender address.
And if you fear WordPress could be used for SPAM: It is the
administrator's job to prevent that. If the hosting provider doesn't want
that the user "vhost123" can send mails using any address, the provider is
able to block that. Don't try to solve other people problems. And
remember: The user is already able to specify a SMTP server for outgoing
mails...
I would vote for basos solution (comment 11). You may add it to the
configuration file, not to wp-admin interface, like you did it with other
"critical" options, normal users shouldn't use.
@basos:
Could you please show us your patch you mentioned in comment 14?
--
Ticket URL: <http://core.trac.wordpress.org/ticket/14888#comment:15>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list