I’ve been put into a situation where the most basic php function mail() has been giving me a headache. It’s because there are no parameters to be specified and you cannot send an email without sacrificing security and to be perfectly clear; you cannot even send email the right way using it in most cases.
When you have an internal web server running a PHP application, there is no way to send an email via your internal mail server without bending the mail server’s rules. There are mail frameworks/libraries which allows you to be on the good side of things, but sometimes you cannot change the code for various reasons.
I couldn’t fix the PHP side due to custom implemented scripts and ongoing upgrades which would revert my changes back, also the customer’s vendor refused to fix the email functionality, therefore i was forced to find a workaround on system side.
After some investigation and couple of mistakes I discovered the msmtp can come to rescue.
It’s installation is just matter of “yum install msmtp” command and also configuration is quite easy. It’s worth mentioning that configuration file has to be owned by the system user invoking the command and also its permissions to be granted only to that user account. If not met, you will see an error message in log complaining about it.
[root@server ~]# ls -hal /etc/msmtp.conf -rw------- 1 apache apache 253 Dec 12 22:44 /etc/msmtp.conf
Here is my config for user apache:
[root@server ~]# cat /etc/msmtp.conf defaults logfile /tmp/msmtp.log port 465: tls on tls_certcheck off tls_starttls off account webmail host 10.10.10.213 from firstname.lastname@example.org auth on user email@example.com password *********** account default : webmail
And also modification of /etc/php.ini file so we use msmtp instead of sendmail command:
[root@ server ~]# grep sendmail_path /etc/php.ini sendmail_path = /usr/bin/msmtp -C /etc/msmtp.conf -t -n