PHP How to prevent mail from leaking script and IP in header
Question
I'm using PHPMailer to send out an email.
In the raw message of the email, the header contains
X-PHP-Script: /path/to/my/script.php myip6address, myip4address
I edited into the php.ini these settings
[mail function]
mail.add_x_header = 0
add_x_header = 0
In my php script, when I use ini_get("mail.add_x_header") , it returns "0" .
// to try and erase the info from the global server var
$_SERVER = Array();
$mail = new PHPMailer;
$mail->setFrom("me@mysite.com");
$mail->addAddress("foo@gmail.com");
// to try and override it, instead it just appends and keeps the original header
$mail->addCustomHeader("X-PHP-Script", "No.");
$mail->Subject = "This is a test";
$mail->isHTML(true);
$mail->Body = "hello world";
if($mail->send() == false)
{
var_dump("failed to send mail", $mail->ErrorInfo);
}
It still sends my scripts location and my IP address with every email I send.
It also sends it if I use mail() instead of PHPMailer, but I assume PHPMailer uses mail() under the hood.
How can I disable that header entirely?
1 answers
solution1
0 2021-05-10 06:09:59
Im not sure why your ini settings are not suppressing that. PHPMailer does indeed use mail() by default, but you should try using SMTP to localhost instead as it's both faster and safer than mail() , and will give you control over all the headers. All you have to do is:
$mail->isSMTP();
And the default settings should be fine.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.