Re: Re[2]: [PHP] Nonstandard SMTP line terminator

[John Holmes]

> From: "Ufuk M. Fakioglu" <[EMAIL PROTECTED]>

> Here's the piece of code that composes and sends the e-mails:
> 
> $row=mysql_fetch_array($sql);
> $name=$row[1];
> $email=$row[2];
> $subject=$_POST["subject"];

Bad idea here. You're script is vulnerable to mail header injection attacks. Malicious 
users can send a multi-line subject and insert additional headers and/or content into 
your email messages. This will allow them to set false return paths, false content or 
have your server send out spam for them. Filter any newlines from $_POST['subject'] 
before you use it. 

> $msg=stripslashes($_POST["msg"]);
> $msg=str_replace("RCPT_NAME", $name, $msg);
> mail($email, $subject, $msg, "From: Mozaik <[EMAIL PROTECTED]>\r\n".
> "Return-Path: Mozaik <[EMAIL PROTECTED]>\r\n".
> "Content-type: text/html; charset=iso-8859-9\r\n");
> 
> Could it be the SQL query returning the "nonstandard terminator"?
> 
> How do I decide to use \n instead of \r\n?

Have you tried just using \n in the headers you create above? What OS are you running? 
Are the error messages you're receiving from a specific OS?

This doesn't really sound like a PHP issue. More like your mail server is sending out 
mail in a bad format (maybe by using \n instead of \r\n?)...

---John Holmes...

UCCASS - PHP Survey System
http://www.bigredspark.com/survey.html

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Re[2]: [PHP] Nonstandard SMTP line terminator

[Justin Patrin]

On Thu, 19 Aug 2004 21:33:22 +0300, Ufuk M. Fakioglu <[EMAIL PROTECTED]> wrote:
> Here's the piece of code that composes and sends the e-mails:
> 
> $row=mysql_fetch_array($sql);
> $name=$row[1];
> $email=$row[2];
> $subject=$_POST["subject"];
> $msg=stripslashes($_POST["msg"]);
> $msg=str_replace("RCPT_NAME", $name, $msg);
> mail($email, $subject, $msg, "From: Mozaik <[EMAIL PROTECTED]>\r\n".
> "Return-Path: Mozaik <[EMAIL PROTECTED]>\r\n".
> "Content-type: text/html; charset=iso-8859-9\r\n");
> 
> Could it be the SQL query returning the "nonstandard terminator"?
> 
> How do I decide to use \n instead of \r\n?
> 

Check the manual and/or RFC and/or the package you end up using.

> Thanks,
> 
> Ufuk
> 
> JP> On Thu, 19 Aug 2004 19:33:11 +0300, Ufuk M. Fakioglu <[EMAIL PROTECTED]> wrote:
> >> Hi,
> >>
> >> I am using mail() with php 4.3.8 on FreeBSD 4.10 to send bulk mail.
> >> Although I use \r\n in the header parameters, some mail servers
> >> respond with "Nonstandard SMTP line terminator."
> >>
> >> What can I do?
> >>
> 
> JP> If you send some code, perhaps we can help. Perhaps you should be
> JP> using \n instead of \r\n? Or maybe anohter part of the message uses \n
> JP> instead of \r\n?
> 
> JP> Otherwise, you can look into a different mailing system.
> JP> http://pear.php.net/package/Mail
> JP> http://pear.php.net/package/Mail_mime
> 

-- 
DB_DataObject_FormBuilder - The database at your fingertips
http://pear.php.net/package/DB_DataObject_FormBuilder

paperCrane --Justin Patrin--

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re[2]: [PHP] Nonstandard SMTP line terminator

[Ufuk M. Fakioglu]

Here's the piece of code that composes and sends the e-mails:

$row=mysql_fetch_array($sql);
$name=$row[1];
$email=$row[2];
$subject=$_POST["subject"];
$msg=stripslashes($_POST["msg"]);
$msg=str_replace("RCPT_NAME", $name, $msg);
mail($email, $subject, $msg, "From: Mozaik <[EMAIL PROTECTED]>\r\n".
"Return-Path: Mozaik <[EMAIL PROTECTED]>\r\n".
"Content-type: text/html; charset=iso-8859-9\r\n");

Could it be the SQL query returning the "nonstandard terminator"?

How do I decide to use \n instead of \r\n?

Thanks,

Ufuk

JP> On Thu, 19 Aug 2004 19:33:11 +0300, Ufuk M. Fakioglu <[EMAIL PROTECTED]> wrote:
>> Hi,
>> 
>> I am using mail() with php 4.3.8 on FreeBSD 4.10 to send bulk mail.
>> Although I use \r\n in the header parameters, some mail servers
>> respond with "Nonstandard SMTP line terminator."
>> 
>> What can I do?
>> 

JP> If you send some code, perhaps we can help. Perhaps you should be
JP> using \n instead of \r\n? Or maybe anohter part of the message uses \n
JP> instead of \r\n?

JP> Otherwise, you can look into a different mailing system.
JP> http://pear.php.net/package/Mail
JP> http://pear.php.net/package/Mail_mime

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php