All geek questions in one place

Php mail and SMTP when using cloudflare

I use cloudflare on my website and I want my server IP address (ORIGIN IP) to be closed to avoid DDoS attacks sent directly to my server IP address. My server uses Apache, PHP, MySQL.

When using php mail to send email (even if I use the phpmailer library to send email via external SMTP), the IP address of my server is added to the mail headers. This happens with Google SMTP, Mailgun and others, because it is probably in their policy to write in the header the IP address from which the mail was received.

At the moment, this is the only solution that I have in mind and requires a lot of effort, which consists in creating my own REST API and sending emails through another server, something like this:

ORIGIN SERVER IP sends email data in text format via my REST API to MY MAIL SERVER IP, and then MY MAIL SERVER IP uses the php mail function with phpmailer to send email via SMTP to the user. Thus, the IP address of MY MAIL SERVER will appear in the email headers, and not in the IP address of the ORIGIN SERVER.

Is there a more elegant way to do this? Is there a mail service that offers an API for recreation, and if I use their APIs, they will not display the IP address of my server in the email headers? Or maybe a REST API / library has already been developed for sending emails remotely, as I requested, so I don’t have to develop and test my own from scratch?

+5
source share
5 answers

You must send emails via mailgun (or sendgrid, jetmail or SES or ...) through your API , not the SMTP protocol, and your IP address will not be disclosed.

For example, for the Mailgun SDK: https://github.com/mailgun/mailgun-php

$mg = Mailgun::create('key-example'); # Now, compose and send your message. # $mg->messages()->send($domain, $params); $mg->messages()->send('example.com', [ 'from' => ' bob@example.com ', 'to' => ' sally@example.com ', 'subject' => 'The PHP SDK is awesome!', 'text' => 'It is so simple to send a message.' ]);

But for most suppliers there is an SDK:

In addition, I would recommend using SwiftMailer , which is a powerful library for email processing. One of the great things is that it abstracts the transport, and you can switch from SMTP or any API provider using packages.

+6
source

You can use for example. mailchimp, SES American or another mail service provider, they should not add your ip. But these services are paid.

0
source

Once upon a time, in college, I can't use the php mail command because of firewall rules, so write your own SMTP authentication class. Some time ago, I started using the PHPMailer class, and I never had another problem, even using Gmail as the sender. Take a look at https://github.com/PHPMailer/PHPMailer .

This is a simple example:

 <?php // Import PHPMailer classes into the global namespace // These must be at the top of your script, not inside a function use PHPMailer\PHPMailer\PHPMailer; use PHPMailer\PHPMailer\Exception; //Load composer autoloader require 'vendor/autoload.php'; $mail = new PHPMailer(true); // Passing `true` enables exceptions try { //Server settings $mail->SMTPDebug = 2; // Enable verbose debug output $mail->isSMTP(); // Set mailer to use SMTP $mail->Host = 'smtp1.example.com;smtp2.example.com'; // Specify main and backup SMTP servers $mail->SMTPAuth = true; // Enable SMTP authentication $mail->Username = ' user@example.com '; // SMTP username $mail->Password = 'secret'; // SMTP password $mail->SMTPSecure = 'tls'; // Enable TLS encryption, `ssl` also accepted $mail->Port = 587; // TCP port to connect to //Recipients $mail->setFrom(' from@example.com ', 'Mailer'); $mail->addAddress(' joe@example.net ', 'Joe User'); // Add a recipient $mail->addAddress(' ellen@example.com '); // Name is optional $mail->addReplyTo(' info@example.com ', 'Information'); $mail->addCC(' cc@example.com '); $mail->addBCC(' bcc@example.com '); //Attachments $mail->addAttachment('/var/tmp/file.tar.gz'); // Add attachments $mail->addAttachment('/tmp/image.jpg', 'new.jpg'); // Optional name //Content $mail->isHTML(true); // Set email format to HTML $mail->Subject = 'Here is the subject'; $mail->Body = 'This is the HTML message body <b>in bold!</b>'; $mail->AltBody = 'This is the body in plain text for non-HTML mail clients'; $mail->send(); echo 'Message has been sent'; } catch (Exception $e) { echo 'Message could not be sent. Mailer Error: ', $mail->ErrorInfo; }
0
source

get an instance from any cloud provider, send a REST request to that instance or whatever you prefer, then your original ip web server will be completely invisible.

0
source

There is no API or elegant way to hide your IP address from your emails. Any SMTP provider that offers this deserves blacklists and will be immediately eliminated by spammers who sign up to abuse this privacy.

You should use the idea of ​​creating an internal web relay system to send to other IP addresses before starting SMTP. But the complexity of setting this level should be more than rebuilding your current site with a different IP address.

This sounds like a classic case of treating your server as a pet, not a cattle. If restoring your current site to a new IP address is less attractive than creating and maintaining a custom web API to hide your IP address from exposure, you need to study automation tools.

0
source

Source: https://habr.com/ru/post/1275357/

More articles:


All Articles