Last updated: Fri, 25 Jul 2008

mail

(PHP 4, PHP 5)

mail — Send mail

Description

bool mail ( string $to , string $subject , string $message [, string $additional_headers [, string $additional_parameters ]] )

Sends an email.

Parameters

to

Receiver, or receivers of the mail.

The formatting of this string must comply with » RFC 2822. Some examples are:

user@example.com
user@example.com, anotheruser@example.com
User <user@example.com>
User <user@example.com>, Another User <anotheruser@example.com>

subject

Subject of the email to be sent.

Caution

This must not contain any newline characters, or the mail may not be sent properly.

message

Message to be sent.

Each line should be separated with a LF (\n). Lines should not be larger than 70 characters.

Caution

(Windows only) When PHP is talking to a SMTP server directly, if a full stop is found on the start of a line, it is removed. To counter-act this, replace these occurrences with a double dot.


<?php
$text = str_replace("\n.", "\n..", $text);
?>

additional_headers (optional)

String to be inserted at the end of the email header.

This is typically used to add extra headers (From, Cc, and Bcc). Multiple extra headers should be separated with a CRLF (\r\n).

Note: When sending mail, the mail must contain a From header. This can be set with the additional_headers parameter, or a default can be set in php.ini.
Failing to do this will result in an error message similar to Warning: mail(): "sendmail_from" not set in php.ini or custom "From:" header missing. The From header sets also Return-Path under Windows.

Note: If messages are not received, try using a LF (\n) only. Some poor quality Unix mail transfer agents replace LF by CRLF automatically (which leads to doubling CR if CRLF is used). This should be a last resort, as it does not comply with » RFC 2822.

additional_parameters (optional)

The additional_parameters parameter can be used to pass an additional parameter to the program configured to use when sending mail using the sendmail_path configuration setting. For example, this can be used to set the envelope sender address when using sendmail with the -f sendmail option.

The user that the webserver runs as should be added as a trusted user to the sendmail configuration to prevent a 'X-Warning' header from being added to the message when the envelope sender (-f) is set using this method. For sendmail users, this file is /etc/mail/trusted-users.

Return Values

Returns TRUE if the mail was successfully accepted for delivery, FALSE otherwise.

It is important to note that just because the mail was accepted for delivery, it does NOT mean the mail will actually reach the intended destination.

ChangeLog

Version	Description
4.3.0 (Windows only)	All custom headers (like From, Cc, Bcc and Date) are supported, and are not case-sensitive. (As custom headers are not interpreted by the MTA in the first place, but are parsed by PHP, PHP < 4.3 only supported the Cc header element and was case-sensitive).
4.2.3	The `additional_parameters` parameter is disabled in safe_mode and the mail() function will expose a warning message and return `FALSE` when used.
4.0.5	The `additional_parameters` parameter was added.

Examples

Example #1 Sending mail.

Using mail() to send a simple email:


<?php
// The message
$message = "Line 1\nLine 2\nLine 3";

// In case any of our lines are larger than 70 characters, we should use wordwrap()
$message = wordwrap($message, 70);

// Send
mail('caffinated@example.com', 'My Subject', $message);
?>

Example #2 Sending mail with extra headers.

The addition of basic headers, telling the MUA the From and Reply-To addresses:


<?php
$to      = 'nobody@example.com';
$subject = 'the subject';
$message = 'hello';
$headers = 'From: webmaster@example.com' . "\r\n" .
    'Reply-To: webmaster@example.com' . "\r\n" .
    'X-Mailer: PHP/' . phpversion();

mail($to, $subject, $message, $headers);
?>

Example #3 Sending mail with an additional command line parameter.

The additional_parameters parameter can be used to pass an additional parameter to the program configured to use when sending mail using the sendmail_path.


<?php
mail('nobody@example.com', 'the subject', 'the message', null,
   '-fwebmaster@example.com');
?>

Example #4 Sending HTML email

It is also possible to send HTML email with mail().


<?php
// multiple recipients
$to  = 'aidan@example.com' . ', '; // note the comma
$to .= 'wez@example.com';

// subject
$subject = 'Birthday Reminders for August';

// message
$message = '
<html>
<head>
  <title>Birthday Reminders for August</title>
</head>
<body>
  <p>Here are the birthdays upcoming in August!</p>
  <table>
    <tr>
      <th>Person</th><th>Day</th><th>Month</th><th>Year</th>
    </tr>
    <tr>
      <td>Joe</td><td>3rd</td><td>August</td><td>1970</td>
    </tr>
    <tr>
      <td>Sally</td><td>17th</td><td>August</td><td>1973</td>
    </tr>
  </table>
</body>
</html>
';

// To send HTML mail, the Content-type header must be set
$headers  = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";

// Additional headers
$headers .= 'To: Mary <mary@example.com>, Kelly <kelly@example.com>' . "\r\n";
$headers .= 'From: Birthday Reminder <birthday@example.com>' . "\r\n";
$headers .= 'Cc: birthdayarchive@example.com' . "\r\n";
$headers .= 'Bcc: birthdaycheck@example.com' . "\r\n";

// Mail it
mail($to, $subject, $message, $headers);
?>

Note: If intending to send HTML or otherwise Complex mails, it is recommended to use the PEAR package » PEAR::Mail_Mime.

Notes

Note: The Windows implementation of mail() differs in many ways from the Unix implementation. First, it doesn't use a local binary for composing messages but only operates on direct sockets which means a MTA is needed listening on a network socket (which can either on the localhost or a remote machine).
Second, the custom headers like From:, Cc:, Bcc: and Date: are not interpreted by the MTA in the first place, but are parsed by PHP.
As such, the to parameter should not be an address in the form of "Something <someone@example.com>". The mail command may not parse this properly while talking with the MTA.

Note: Email with attachments and special types of content (e.g. HTML) can be sent using this function. This is accomplished via MIME-encoding - for more information, see this » Zend article or the » PEAR Mime Classes.

Note: It is worth noting that the mail() function is not suitable for larger volumes of email in a loop. This function opens and closes an SMTP socket for each email, which is not very efficient.
For the sending of large amounts of email, see the » PEAR::Mail, and » PEAR::Mail_Queue packages.

Note: The following RFCs may be useful: » RFC 1896, » RFC 2045, » RFC 2046, » RFC 2047, » RFC 2048, » RFC 2049, and » RFC 2822.


There differenece in body, headers of email (with attachment, without attachment), see this complete example below:

work great for me (LINUX , WIN) and (Yahoo Mail, Hotmail, Gmail, ...)

<?php

$to      = $_POST['to']; 

$email   = $_POST['email']; 

$name    = $_POST['name'];

$subject = $_POST['subject']; 

$comment = $_POST['message'];



$To          = strip_tags($to);

$TextMessage =strip_tags(nl2br($comment),"<br>");

$HTMLMessage =nl2br($comment);

$FromName    =strip_tags($name);

$FromEmail   =strip_tags($email);

$Subject     =strip_tags($subject);



$boundary1   =rand(0,9)."-"

.rand(10000000000,9999999999)."-"

.rand(10000000000,9999999999)."=:"

.rand(10000,99999);

$boundary2   =rand(0,9)."-".rand(10000000000,9999999999)."-"

.rand(10000000000,9999999999)."=:"

.rand(10000,99999);



 

for($i=0; $i < count($_FILES['youfile']['name']); $i++){

if(is_uploaded_file($_FILES['fileatt']['tmp_name'][$i]) && 

   !empty($_FILES['fileatt']['size'][$i]) && 

   !empty($_FILES['fileatt']['name'][$i])){

     

$attach      ='yes';

$end         ='';



   $handle      =fopen($_FILES['fileatt']['tmp_name'][$i], 'rb'); 

   $f_contents  =fread($handle, $_FILES['fileatt']['size'][$i]); 

   $attachment[]=chunk_split(base64_encode($f_contents));

   fclose($handle); 



$ftype[]       =$_FILES['fileatt']['type'][$i];

$fname[]       =$_FILES['fileatt']['name'][$i];

}

}



/***************************************************************

 Creating Email: Headers, BODY

 1- HTML Email WIthout Attachment!! <<-------- H T M L ---------

 ***************************************************************/

#---->Headers Part

$Headers     =<<<AKAM

From: $FromName <$FromEmail>

Reply-To: $FromEmail

MIME-Version: 1.0

Content-Type: multipart/alternative;

    boundary="$boundary1"

AKAM;



#---->BODY Part

$Body        =<<<AKAM

MIME-Version: 1.0

Content-Type: multipart/alternative;

    boundary="$boundary1"



This is a multi-part message in MIME format.



--$boundary1

Content-Type: text/plain;

    charset="windows-1256"

Content-Transfer-Encoding: quoted-printable



$TextMessage

--$boundary1

Content-Type: text/html;

    charset="windows-1256"

Content-Transfer-Encoding: quoted-printable



$HTMLMessage



--$boundary1--

AKAM;



/***************************************************************

 2- HTML Email WIth Multiple Attachment <<----- Attachment ------

 ***************************************************************/

 

if($attach=='yes') {



$attachments='';

$Headers     =<<<AKAM

From: $FromName <$FromEmail>

Reply-To: $FromEmail

MIME-Version: 1.0

Content-Type: multipart/mixed;

    boundary="$boundary1"

AKAM;



for($j=0;$j<count($ftype); $j++){

$attachments.=<<<ATTA

--$boundary1

Content-Type: $ftype[$j];

    name="$fname[$i]"

Content-Transfer-Encoding: base64

Content-Disposition: attachment;

    filename="$fname[$j]"



$attachment[$j]



ATTA;

}



$Body        =<<<AKAM

This is a multi-part message in MIME format.



--$boundary1

Content-Type: multipart/alternative;

    boundary="$boundary2"



--$boundary2

Content-Type: text/plain;

    charset="windows-1256"

Content-Transfer-Encoding: quoted-printable



$TextMessage

--$boundary2

Content-Type: text/html;

    charset="windows-1256"

Content-Transfer-Encoding: quoted-printable



$HTMLMessage



--$boundary2--



$attachments

--$boundary1--

AKAM;

}



/***************************************************************

 Sending Email

 ***************************************************************/

$ok=mail($To, $Subject, $Body, $Headers);

echo $ok?"<h1> Mail Sent</h1>":"<h1> Mail not SEND</h1>";

?>

fogidas at yahoo dot com
14-May-2008 04:18


I think gmail works fine without adding '\n\n' , what doesn't seem to work is the Reply To header. Has anyone paid attention if you try to reply the mail  it takes "From " email and not Reply to.

jyotsnachannagiri at gmail dot com
06-May-2008 01:09


If you are sending an email to Gmail account you need to add two "\n\n" at the end of headers (Don't use single "\n"). If you use single "\n" all the headers will be displayed in the message when received person is viewing the message.



Example:



$headers  = "MIME-Version: 1.0 "."\n";

$headers .= "Content-type: text/html; charset=iso-8859-1 "."\n";

..........

.......

$headers .= "......"."\n\n";

ben at ben-griffiths dot com
27-Mar-2008 02:45


As [apdhanushka at yahoo dot com] stated, you could use PHPMailer to get around being placed in the Spam folder, however I would also reccomend Swiftmailer:



http://www.swiftmailer.org/

apdhanushka at yahoo dot com
30-Jan-2008 04:21


Are you getting spammed while sendig emails using php mail() function to yahoo or hotmail?



 It is a common problem for all using php mail function. To solve this there

are so many answers I have seen in the internet and they do not hit problem

correctly.



Actually the problem here is if we send mails using php mail function we do

not have a signature and other mailing systems thinks that we are spamers.



So the solution is using a free remote smtp host like gmail to send our mails.

It is not hard because we have a free php smtp project called PHPMailer. You

can download it from http://sourceforge.net/project/showfiles.php?group_id=26031.

You do not need to install it on your server and you can upload it to the server with your code.



It is very easy to understand how it is used to send mails using examples

zipped with PHPMailer. The following code is to send emails using gmail and

to do that you have to have a gmail mail account. Which can easily be created

by visiting http://gmail.com. Your mails will

send using that mail account and they will never become spams...



You can follow the following link to get the code to send emails using gmail's free smtp service.

http://bestdeveloper.blogspot.com/

apdhanushka at yahoo dot com
30-Jan-2008 12:05


It is a common problem for all using php mail function. To solve this there

are so many answers I have seen in the internet and they do not hit problem

correctly.



Actually the problem here is if we send mails using php mail function we do

not have a signature and other mailing systems thinks that we are spamers.



So the solution is using a free remote smtp host like gmail to send our mails.

It is not hard because we have a free php smtp project called PHPMailer. You  can download it from http://sourceforge.net/project/showfiles.php?group_id=26031 .

You do not need to install it on your server.



It is very easy to understand how it is used to send mails using examples

zipped with PHPMailer. The following code is to send emails using gmail and

to do that you have to have a gmail mail account. Which can easily be created

by visiting http://gmail.com. Your mails will

send using that mail account and they will never become spams...



To see the complete code for sending emails use following link



http://bestdeveloper.blogspot.com

jano ATSOMERANDOMTEXTjanogarcia es
28-Jan-2008 02:31


This is a simple and quick (dirty?) fix for encoding long UTF-8 email subjects.



<?php



    $subject= mb_encode_mimeheader($subject,"UTF-8", "B", "\n");



?>



Changing the $transfer_encoding parameter* from B (Base64) to Q (Quoted-Printable) seems to work too.



*See the mb_encode_mimeheader documentation here http://php.net/manual/en/function.mb-encode-mimeheader.php



This one is based on the previously posted solution by J.Halmu http://php.net/manual/en/function.mail.php#75886 , added the two last parameters to prevent long subjects from breaking the email. It worked flawlessly on a RHEL environmet. No further tests, sorry.

Tomix
17-Jan-2008 07:53


send e-mail in utf-8



there is already a solution from omgs. but with a longer subject line there could be problem (splitting the subject line in a encoded character).



here my solution:

----

// hmm no better solution?

function imap8bit(&$item, $key) {

 $item = imap_8bit($item);

}



function email($e_mail, $subject, $message, $headers)

 {

  // add headers for utf-8 message

  $headers .= "\r\n";

  $headers .= "MIME-Version: 1.0\r\n";

  $headers .= "Content-type: text/plain; charset=utf-8\r\n";

  $headers .= "Content-Transfer-Encoding: quoted-printable\r\n";



  // encode subject

  //=?UTF-8?Q?encoded_text?=



  // work a round: for subject with wordwrap

  // not fixed, no possibility to have one in a single char

  $subject = wordwrap($subject, 25, "\n", FALSE);

  $subject = explode("\n", $subject);

  array_walk($subject, imap8bit);

  $subject = implode("\r\n ", $subject);

  $subject = "=?UTF-8?Q?".$subject."?=";



  // encode e-mail message

  $message = imap_8bit($message);



  return(mail("$e_mail", "$subject", "$message", "$headers"));

 }

I.Ruau
02-Dec-2007 06:23


I recently searched for a decent regex to *correctly* validate e-mail addresses according to RFC-2822.



Most regexes I found on the web (including in the comments here) are way too strict.

Then I stumbled upon this compliant parser:

http://code.iamcal.com/php/rfc822/?C=D;O=A



FWIW here is the complete, unrolled regex... which is quite edifying! ;-)

http://code.iamcal.com/php/rfc822/full_regexp.txt



Hope this helps.

hn at nesland dot net
02-Nov-2007 05:37


Tired of idiots and imbeciles who creates unsecure php-code and lets spammers abuse mail()? Try this dirty trick:



With auto_prepend, prepend this file:

<?php

// You need to install pecl-module, runkit.

dl("runkit.so");



// We could rename the function, but that currently makes my apache segfault, but this works :-P

runkit_function_copy ( "mail","intmail" );

runkit_function_remove( "mail" );



function mail( $to, $subject, $message, $additional_headers = null, $additional_parameters = null ) {



    $___domain = $_SERVER['SERVER_NAME'];

 

    $fp = fopen("/tmp/my_super_mail_logg", "a");

    fwrite( $fp, date("d.m.y H:i:s") . " " . $___domain . ": $to / $subject\n");

    fclose( $fp );



    return intmail( $to, $subject, $message, $additional_headers, $additional_parameters );

}

?>



You probably shouldn't log to /tmp, or any other place as the webserver-user, see syslog-functions ;)



And of course you can manipulate the different parameters, like adding custom headers to each email (For instance; "X-From-Web: {$_SERVER['SERVER_NAME']}")..

Ben
03-Oct-2007 11:14


There was a comment that



mail("User Name <username@email.com>","Subject Here",$msg,"From: us@mysite.com");



does not work. I've always used that and never had any issues - from Linux servers. I don't see how this could be different in IE vs Firefox; I've always gotten the same result in both. Just tried it on a Windows server and got this as a bounce back:



<User Name <username@email.com>:

x.x.x.x does not like recipient.

Remote host said: 550 Requested action not taken: 550 No such recipient

Giving up on x.x.x.x.



(Details changed to protect the innocent/guilty (for using a Windows server))



Took me a while to find the bounce until I used ini_set('sendmail_from', 'my@account');



So it is probably  trying to deliver to "User Name <username" instead of simply "username".

largo at email dot pcleak dot com
03-Oct-2007 02:01


hello ok i have this email form right and it is

<?php

if (isset($_REQUEST['email']))

//if "email" is filled out, send email

  {

  //send email

  $email = $_REQUEST['email'] ; 

  $subject = $_REQUEST['subject'] ;

  $message = $_REQUEST['message'] ;

  mail( "someone@example.com", "Subject: $subject",

  $message, "From: $email" );

  echo "Thank you for using our mail form";

  }

else

//if "email" is not filled out, display the form

  {

  echo "<form method='post' action='mailform.php'>

  Email: <input name='email' type='text' /><br />

  Subject: <input name='subject' type='text' /><br />

  Message:<br />

  <textarea name='message' rows='15' cols='40'>

  </textarea><br />

  <input type='submit' />

  </form>";

  }

?>

i like it but i want to change like but i want it to ask for sending it "TOO" and it automatically post the sender

phpcoder at cyberpimp dot ig3 dot net
27-Sep-2007 08:51


In addition to the $to parameter restrictions on Windows (ie. address can not be in "name <user@example.com>" format), the same restrictions apply to the parsed Cc and Bcc headers of the $additional_headers parameter.



However, you can include a To header in $additional_parameters which lists the addresses in any RFC-2822 format.  (For display purposes only.  You still need to list the bare addresses in the $to parameter.)

omgs
30-Aug-2007 01:57


I haven't seen in this page a reference about how to properly handle subject encoding when using non-ascii characters. I've found that info at http://www.johanvanmol.org/content/view/34/37/1/3/, which I paste:



"According to RFC 2822, mail header fields, including the subject, MUST be composed of printable US-ASCII characters (i.e., characters that have values between 33 and 126, inclusive). So if you want a subject with accents, you must encode it from your original character set to a US-ASCII character set. There are 2 of ways to do this: quoted-printable or base64.



[...]



Now we have an encoded subject, but our mail reader won't know that. So we need to tell it by formatting our subject as follows: "=?" charset "?" encoding "?" encoded-text "?=" , where charset is the original character set and encoding is either "Q" for Quoted-Printable or "B" for Base64.

E.g The subject containing the Quoted-Printable ISO-8859-1 string "Voilà une message", is written as:

Subject: =?ISO-8859-1?Q?Voil=E0_une_message?=

The Base64 version of the ISO-8859-1 string is:

Subject: =?ISO-8859-1?B?Vm9pbOAgdW5lIG1lc3NhZ2U=?=

The Quoted-Printable version of the UTF-8 string is:

Subject: =?UTF-8?Q?Voil=C3=A0_une_message?=

The Base64 version of the UTF-8 string is:

Subject: =?UTF-8?B?Vm9pbMOgIHVuZSBtZXNzYWdl?=

"



"Raw" non-encoded subjects can work and modern mail clients handle it properly, but I found that at least using utf-8 as encoding, the spam analizers complain stating "BAD HEADER Non-encoded 8-bit data". To prevent this, and taking the info above, I decided to use base64, which at least seems to have specific functions (and because it works, of course). So, one could use the following code:



<?php

...

$charset='UTF-8';

$subject='Subject with extra chars: áéíóú';

$encoded_subject="=?$charset?B?".base64_encode($subject)."?=\n";

$to=mail@foo.com;

$body='This is the body';

$headers="From: ".$from."\n"

    . "Content-Type: text/plain; charset=$charset; format=flowed\n"

    . "MIME-Version: 1.0\n"

    . "Content-Transfer-Encoding: 8bit\n"

    . "X-Mailer: PHP\n";

mail($to,$encoded_subject, $body,$headers);



?>



Of course, this can be "enhanced" by encoding only if there are non-ASCII characters, but I don't think I need it. Maybe the CPU work, used time and results don't deserve it.

Gianluigi_Zanettini-MegaLab.it
09-Aug-2007 11:57


Please note that using an address in this format "Zane, CEO - MegaLab.it" <myaddrr@mydomain> (" are needed due to comma) works as expected under *nix, but WON'T WORK under Windows.



This is an example



<?php

mail("\"Zane, CEO - MegaLab.it\" <myaddrr@mydomain>", "prova da test_zane", "dai funziona...");

?>



It works under *unix, but it doensn't under Win: different error are reported:



Warning: mail() [function.mail]: SMTP server response: 553 5.0.0 <"Zane>... Unbalanced '"'



Warning: mail() [function.mail]: SMTP server response: 501 5.5.4 Invalid Address

pavolzetor at gmail dot com
01-Aug-2007 08:47


if you send mail to gmail.com you don't use "\r\n" and you use only "\n" in headers

bsaul at inwind dot it
23-Jun-2007 02:19


First excuse me for bad english. I'm working on a function that send html or text or both, e-mail message. I try all the example but no one working on my system (windows XP with PostCast SMTP server). Finally i try this and work. I hope your find useful:



function mailTo ($from, $to, $oggetto, $contenuto, $type = "both", $reply = true) {



    // If $contenuto == file reading

    $messaggio = @file_get_contents( $content, 1);

    if ($messaggio) { $contenuto = $messaggio; }

    $messaggio = '';



    // Standar Header

    $crlf = chr(10) . chr(13);

    $intestazione  = "To: {$to}" . $crlf;

    $intestazione .= "From: {$from}" . $crlf;

    $intestazione .= "Return-Path: " . (($reply)? $from : substr_replace($from, "noreply", 0, strpos($from, '@'))) . $crlf;

    $intestazione .= 'Reply-To: ' .(($reply)? $from : substr_replace($from, "noreply", 0, strpos($from, '@'))) . $crlf;

   $intestazione .= 'X-Mailer: PHP/' . phpversion() . $crlf;



    // MIME boundary

    $separatore = 'PHP' . md5(uniqid(time()));

    // MIME Header

    $intestazione .= 'MIME-Version: 1.0' . $crlf;



    switch ($type){

        case 'html' :

                        // Header for client non MIME compatible

            $intestazione .= 'Content-Type: text/html; charset=ISO-8859-15' . $crlf;

            $intestazione .= 'Content-Transfer-Encoding: 7bit' . $crlf;

            $messaggio .= "\n{$contenuto}\n";

            break;



        case 'both' :

            $intestazione .= "Content-Type: multipart/alternative;\n\tboundary=\"" . $separatore . '"' . $crlf;

            // Create message for no mime client

            $messaggio .= "For English People: This is a multi-part message in MIME format.\nIf you are reading this, consider upgrading your e-mail client to a MIME-compatible client.\n";

            $messaggio .= "For Italian People: Questo è un messaggio MIME.\nSe si stà leggendo questa nota, consigliamo l\'aggiornamento del programma di posta elettronica con uno compatibile MIME";

            $messaggio .= "\n--{$separatore}\n";

            $messaggio .= "Content-Type: text/plain; charset=ISO-8859-15\n";

            $messaggio .= "Content-Transfer-Encoding: 7bit\n\n";



        case 'text' :

            $messaggio .= strip_tags($contenuto);

            if ($type == 'both') {

                $messaggio .= "\n--{$separatore}\n";;

                $messaggio .= "Content-Type: text/html; charset=ISO-8859-15\n";

                $messaggio .= "Content-Transfer-Encoding: 7bit\n";

                $messaggio .= "\n{$contenuto}";

                $messaggio .= "\n--{$separatore}\n";

            }

    }



    // Send MAIL

    return  mail($to, $oggetto, $messaggio, $intestazione);



}

J.Halmu
20-Jun-2007 04:10


I use text/plain charaset=iso-8859-1 and get bad headers complain from amavis. This helped me:



[code]

$subject = mb_encode_mimeheader('ääööö test test öäöäöä','UTF-8');

[/code] 



php-version 5.2.2

Alex Jaspersen
30-May-2007 11:03


For qmail users, I have written a function that talks directly to qmail-queue, rather than going through the sendmail wrapper used by mail(). Thus it allows more direct control over the message (for example, you can adapt the function to display "undisclosed recipients" in to the To: header). It also performs careful validation of the e-mail addresses passed to it, making it more difficult for spammers to exploit your scripts.



Please note that this function differs from the mail() function in that the from address must be passed as a _separate_ argument. It is automatically put into the message headers and _does not_ need to be included in $additional_headers.



$to can either be an array or a single address contained in a string.

$message should not contain any carriage return characters - only linefeeds.



No validation is performed on $additional_headers. This is mostly unnecessary because qmail will ignore any additional To: headers injected by a malicious user. However if you have some strange mail setup it might be a problem.



The function returns false if the message fails validation or is rejected by qmail-queue, and returns true on success.



<?php

function qmail_queue($to, $from, $subject, $message, $additional_headers = "")

{

    // qmail-queue location and hostname used for Message-Id

    $cmd = "/var/qmail/bin/qmail-queue";

    $hostname = trim(file_get_contents("/var/qmail/control/me"));

    

    // convert $to into an array

    if(is_scalar($to))

        $to = array($to);

    

    // BEGIN VALIDATION

    // e-mail address validation

    $e = "/^[-+\\.0-9=a-z_]+@([-0-9a-z]+\\.)+([0-9a-z]){2,4}$/i";

    // from address

    if(!preg_match($e, $from)) return false;

    // to address(es)

    foreach($to as $rcpt)

    {

        if(!preg_match($e, $rcpt)) return false;

    }

    

    // subject validation (only printable 7-bit ascii characters allowed)

    // needs to be adapted to allow for foreign languages with 8-bit characters

    if(!preg_match("/^[\\040-\\176]+$/", $subject)) return false;

    

    // END VALIDATION

    

    // open qmail-queue process

    $dspec = array

    (

        array("pipe", "r"), // message descriptor

        array("pipe", "r") // envelope descriptor

    );

    $pipes = array();

    $proc = proc_open($cmd, $dspec, $pipes);

    if(!is_resource($proc)) return false;

    

    // write additional headers

    if(!empty($additional_headers))

    {

        fwrite($pipes[0], $additional_headers . "\n");

    }

    

    // write to/from/subject/date/message-ID headers

    fwrite($pipes[0], "To: " . $to[0]); // first recipient

    for($i = 1; $i < sizeof($to); $i++) // additional recipients

    {

        fwrite($pipes[0], ", " . $to[$i]);

    }

    fwrite($pipes[0], "\nSubject: " . $subject . "\n");

    fwrite($pipes[0], "From: " . $from . "\n");

    fwrite($pipes[0], "Message-Id: <" . md5(uniqid(microtime())) . "@" . $hostname . ">\n");

    fwrite($pipes[0], "Date: " . date("r") . "\n\n");

    fwrite($pipes[0], $message);

    fwrite($pipes[0], "\n");

    fclose($pipes[0]);

    

    // write from address and recipients

    fwrite($pipes[1], "F" . $from . "\0");

    foreach($to as $rcpt)

    {

        fwrite($pipes[1], "T" . $rcpt . "\0");

    }

    fwrite($pipes[1], "\0");

    fclose($pipes[1]);

    

    // return true on success.

    return proc_close($proc) == 0;

}

?>

James Butler
24-May-2007 12:15


Re: "Second, the custom headers like From:, Cc:, Bcc: and Date: are not interpreted by the MTA in the first place, but are parsed by PHP.



As such, the to parameter should not be an address in the form of "Something <someone@example.com>". The mail command may not parse this properly while talking with the MTA."



SERVER:

 PHP 5.0.4

 Fedora Core 4

 Apache 2.0

 Sendmail 8.13.7

 SMTP: localhost



CLIENT:

 Windows 98SE

 Mozilla Firefox 2.0.0.3

 Microsoft Internet Explorer 6.0.2800.1106



COMMAND:

 mail("User Name <username@email.com>","Subject Here",$msg,"From: us@mysite.com");



Using Firefox, no problems with the above command.

Using MSIE, won't send mail "to" address formatted as above.



COMMAND 2:

 mail("username@email.com","Subject Here",$msg,"From: us@mysite.com");



Works fine from both clients.



I mention this because it appears there is some interaction between the client and MTA that is unaccounted for in the above quote from this doc page.

junk at hostelz dot com
21-Mar-2007 01:56


Unless I'm confused, I suspect that in the code from "rsjaffe at gmail dot com" above, "\\r" and "\\n" should actually be "\r" and "\n".

Josh
09-Mar-2007 10:05


While trying to send attachments I ran into the problem of having the beginning part of my encoded data being cut off.



A fact that I didn't see mentioned anywhere explicitly (except maybe in the RFC, which admittedly I didn't read fully) was that two newlines are required before you start the encoded data:



Content-Transfer-Encoding: base64\n

Content-Type: application/zip; name="test_file.zip"\n

\n  //<--- if this newline isn't here your data will get cut off

DATA GOES HERE

hans111 at yahoo dot com
01-Mar-2007 08:54


I had a lot of trouble trying to send multipart messages to gmail accounts until I discovered gmail does not like carriage returns, even under unix I have to use only new lines (\n) and forget about the (\r) . Other email clients such as eudora, outlook, hotmail or yahoo seem not to have issues about the "missing" \r . Hope it helps.

bigtree at dontspam dot 29a dot nl
28-Feb-2007 04:46


Since lines in $additional_headers must be separated by \n on Unix and \r\n on Windows, it might be useful to use the PHP_EOL constant which contains the correct value on either platform.



Note that this variable was introduced in PHP 5.0.2 so to write portable code that also works in PHP versions before that, use the following code to make sure it exists:



<?php

if (!defined('PHP_EOL')) define ('PHP_EOL', strtoupper(substr(PHP_OS,0,3) == 'WIN') ? "\r\n" : "\n");

?>

andy at andybev dot com
19-Feb-2007 04:56


I'm copying Ben Cooke's note from the main mail page into here because I didn't find it initially. The issue described below caused me a lot of problems because of Postfix converting a single \r\n into double new lines, resulting in corrupted mail.



=====================================================



Note that there is a big difference between the behavior of this function on Windows systems vs. UNIX systems. On Windows it delivers directly to an SMTP server, while on a UNIX system it uses a local command to hand off to the system's own MTA.



The upshot of all this is that on a Windows system your  message and headers must use the standard line endings \r\n as prescribed by the email specs. On a UNIX system the MTA's "sendmail" interface assumes that recieved data will use UNIX line endings and will turn any \n to \r\n, so you must supply only \n to mail() on a UNIX system to avoid the MTA hypercorrecting to \r\r\n.



If you use plain old \n on a Windows system, some MTAs will get a little upset. qmail in particular will refuse outright to accept any message that has a lonely \n without an accompanying \r.

admin at chatfamy dot com
30-Jan-2007 12:37


One thing it can be difficult to control with this function is the envelope "from" address. The envelope "from" address is distinct from the address that appears in the "From:" header of the email. It is what sendmail uses in its "MAIL FROM/RCPT TO" exchange with the receiving mail server. It also typically shows up in the "Return-Path:" header, but this need not be the case. The whole reason it is called an "envelope" address is that appears _outside_ of the message header and body, in the raw SMTP exchange between mail servers.



The default envelope "from" address on unix depends on what sendmail implementation you are using. But typically it will be set to the username of the running process followed by "@" and the hostname of the machine. In a typical configuration this will look something like apache@box17.isp.net.



If your emails are being rejected by receiving mail servers, or if you need to change what address bounce emails are sent to, you can change the envelope "from" address to solve your problems.



To change the envelope "from" address on unix, you specify an "-r" option to your sendmail binary. You can do this globally in php.ini by adding the "-r" option to the "sendmail_path" command line. You can also do it programmatically from within PHP by passing "-r address@domain.com" as the "additional_parameters" argument to the mail() function (the 5th argument). If you specify an address both places, the sendmail binary will be called with two "-r" options, which may have undefined behavior depending on your sendmail implementation. With the Postfix MTA, later "-r" options silently override earlier options, making it possible to set a global default and still get sensible behavior when you try to override it locally. 



On Windows, the the situation is a lot simpler. The envelope "from" address there is just the value of "sendmail_from" in the php.ini file. You can override it locally with ini_set().

tdaniel at univ dot haifa dot ac dot il
26-Oct-2006 04:17


I had trouble getting multiple emails sent for Outlook accounts (a single PHP page performed 2 mail() calls). 



The PHP mail() function works correctly, but the same mails that were recieved on a private POP3 server were randomly missing by our intranet Outlook exchange server.



If you have the same problem, try to verify that the "Message-ID: " is unique at the $headers string. i.e.



<?php

$headers = [...] . 

"Message-ID: <". time() .rand(1,1000). "@".$_SERVER['SERVER_NAME'].">". "\r\n" [...];

?>



(rand() is used only for demonstration purposes. a better way is to use an index variable that increments (i++) after each mail)



I noticed that when multiple messeges were sent simultaneously, the message-id was the same (probably there was no miliseconds differential). My guess is that Outlook is collating messages with the same message-ID; a thing that causes only one email to pass to the Outlook inbox instead of a few.

i5513
27-Sep-2006 01:30


[EDITOR's NOTE: Following based off of a note originally by marcelo dot maraboli at usm dot cl which has been removed.]





I had a trouble with marcelo' function, I had to add "$val == 63" condition into "if" sentence for '?' character





# From marcelo post:


function encode_iso88591($string)


{


  $text = '=?iso-8859-1?q?';


 


  for( $i = 0 ; $i < strlen($string) ; $i++ )


  {


   $val = ord($string[$i]);


   if($val > 127 or $val == 63)


   {


     $val = dechex($val);


     $text .= '='.$val;


   }


   else


   {


       $text .= $string[$i];


   }


  


  }


  $text .= '?=';


 


  return $text;


}





and later use:





       // create email


       $msg = wordwrap($msg, 70);


       $to = "destination@company.com";


       $subject = encode_iso88591("hoydía caminé !!");


       $headers =    "MIME-Versin: 1.0\r\n" .


               "Content-type: text/plain; charset=ISO-8859-1; format=flowed\r\n" .


               "Content-Transfer-Encoding: 8bit\r\n" .


               "From: $from\r\n" .


               "X-Mailer: PHP" . phpversion();





       mail($to, $subject, $msg, $headers);

johniskew2
19-Sep-2006 09:28


An important rule of thumb, because it seems few really follow it and it can alleviate so many headaches: When filtering your email headers for injection characters use a regular expression to judge whether the user's input is valid.  For example to see if the user entered a valid e-mail address use something like  [a-zA-Z0-9._%-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}.  Dont try to filter out bad characters (like searching for LF or CR), because you will ALWAYS miss something.  You can be sure your application is more secure going this route....provided the regular expression is valid!  This same point goes for any sort of form input not just for sending out emails.

thomas at p-devion dot de
23-Aug-2006 10:46


Change the function addattachment for multipartmail to auto detect the mime_content_type ... 



     function addattachment($file){

         $fname = substr(strrchr($file, "/"), 1);

         $data = file_get_contents($file);

         $i = count($this->parts);

         $content_id = "part$i." . sprintf("%09d", crc32($fname)) . strrchr($this->to_address, "@");

         $this->parts[$i] = "Content-Type: ".mime_content_type($file)."; name=\"$fname\"\r\n" .

                           "Content-Transfer-Encoding: base64\r\n" .

                           "Content-ID: <$content_id>\r\n" .

                           "Content-Disposition: inline;\n" .

                           " filename=\"$fname\"\r\n" .

                           "\n" .

                           chunk_split( base64_encode($data), 68, "\n");

         return $content_id;

     }

panoramical at gmail dot com
27-Jul-2006 04:19


Searched for ages on the internet trying to find something that parses EML files and then sends them...for all of you who want to send an EML files you first have to upload it, read it, then delete it. Here's my function...it's specialised for a single form where the user uploads the EML file. 



<?php



if(isset($_POST['submit']))

{



// Reads in a file (eml) a user has inputted

function eml_read_in()

{



    $file_ext = stristr($_FILES['upload']['name'], '.');

    

    // If it is an eml file

    if($file_ext == '.eml')

    {

    

        // Define vars

        $dir = 'eml/';

        $file = $dir.basename($_FILES['upload']['name']);

        $carry = 'yes';

        

        // Try and upload the file

        if(move_uploaded_file($_FILES['upload']['tmp_name'], $file))

        {

        

            // Now attempt to read the file

            if($eml_file = file($file))

            {

            

                // Create the array to store preliminary headers

                $headers = array();

                $body = '';

                $ii = -1;



                

                // For every line, carry out this loop

                foreach($eml_file as $key => $value)

                {

                

                    $pattern = '^<html>';

                    

                    if(((eregi($pattern, $value)))||($carry == 'no'))

                    {

                    

                        // Stop putting data into the $headers array

                        $carry = 'no';

                        $i++;

                        $body .= $value;

                        

                    }

                    

                    else

                    {    

                        

                        // Separate each one with a colon

                        if(($eml_file_expl = explode(':', $value))&&($carry == 'yes'))

                        {



                        

                            // The row has been split in half at least...

                            if(isset($eml_file_expl[1]))

                            {

        

                                // Put it into the preliminary headers

                                $headers[$eml_file_expl[0]] = $eml_file_expl[1];

                            

                                // There might be more semicolons in it...

                                for($i=2;$i<=$count;$i++)

                                {

                            

                                    // Add the other values to the header

                                    $headers[$eml_file_expl[0]] .= ':'.$eml_file_expl[$i];

                                    

                                }

                            

                            }    

                            

                        }        

                    

                    }

                    

                }

                

                // Clear up the headers array

                $eml_values = array();

                $eml_values[to] = $headers[To];

                $eml_values[from] = $headers[From];

                $eml_values[subject] = $headers[Subject];

                $eml_values['reply-to'] = $headers['Reply-To'];

                $eml_values['content-type'] = $headers['Content-Type'];

                $eml_values[body] = $body;

                

                unlink($file);

        

                return $eml_values;

                

                

                        

            }

            

        }

        

        else

        {

        

            return '<p>File not uploaded - there was an error</p>';

                        

        }

        

    }

    

}    



// Takes information automatically from the $_FILES array...

$eml_pattern = eml_read_in()



// Headers definable...through eml_read_in() again, but I'm guessing they'll be the same for each doc...



if(mail($eml_pattern[to], $eml_pattern[subject], $eml_pattern[content], $headers)) echo 'Mail Sent';



?>

24-Jul-2006 08:55


correction for class multipartmail



<?php

function addmessage($msg = "", $ctype = "text/plain"){

         $this->parts[0] ....

?>



if you are adding attachment first and then addmessage you can easy overwrite added attachment - better use 



<?php



function addmessage($msg = "", $ctype = "text/plain"){

         $this->parts[count($this->parts)] ....



?>

sander at cartel dot nl
20-Jul-2006 03:26


I found out that a ms server (ESMTP MAIL Service, Version: 5.0.2195.6713) also had the problem using CRLF in the headers:



If messages are not received, try using a LF (\n) only. Some poor quality Unix mail transfer agents replace LF by CRLF automatically (which leads to doubling CR if CRLF is used). This should be a last resort, as it does not comply with RFC 2822.



The suggested fix works. 



Sander

rsjaffe at gmail dot com
21-May-2006 02:10


Here's my way of detecting an attempt to hijack my mail form.





<?php #requires PHP 5 or greater


$request = array_map('trim',($_SERVER['REQUEST_METHOD'] == "POST") ? $_POST : $_GET) ;





//check for spam injection


$allfields = implode('',$request) ;


$nontext = $request ;


unset($nontext['message'] );


$nontextfields = implode ('',$nontext) ;


if ((strpos ($nontextfields,"\\r")!==false) || 


    (strpos ($nontextfields,"\\n")!==false) || 


    (stripos ($allfields,"Content-Transfer-Encoding")!==false) || 


    (stripos ($allfields,"MIME-Version")!==false) ||


    (stripos ($allfields,"Content-Type")!==false) ||


    ($request['checkfield']!=$check) ||


    (empty($_SERVER['HTTP_USER_AGENT']))) die('Incorrect request') ; //stop spammers ?>





First, I put the data into an array $request, then set up two strings: $allfields, which is just all fields concatenated, then $nontext, which excludes those fields in which \r\n is allowed (e.g., the message body). Any form field in which \r\n is allowed should be unset in the $nontext array before the second implode function (my message field is called 'message', so I unset that). I also include a hidden field in the form with a preset value ('checkfield', $check), so I can see if something is trying to alter all fields. 





This is a combination of a lot of things mentioned in the messages below...

steve at stevewinnington dot co dot uk
13-Mar-2006 08:24


To all you guys out there having problems with mail scripts throwing back this (and you know your scripts are right!!)...



Warning: mail() [function.mail]: "sendmail_from" not set in php.ini or custom "From:" header missing in:



I had started seeing this after moving some scripts from 4.3 servers to 5.



a dirty get around is using



ini_set ("sendmail_from","a.body@acompany.com");



to force the From header. 



Not ideal but it works.

;)

Nimlhug
11-Mar-2006 10:41


As noted in other, well, notes; the "additional headers" parameter can be easily exploited, when doing things like:



<?php

  mail( $_POST['to'], $_POST['subject'], $_POST['message'], 'Reply-to: '.$_POST['from']."\r\n" );

?>



An easy way of fixing this, is removing CRLFs from the header-strings, like so:



<?php

  $_POST['from'] = str_replace( "\r\n", '', $_POST['from'] );

?>



This way, the extra data will be part of the previous header.

junaid at techni-serve dot com
07-Mar-2006 09:49


Note: on class "multipartmail".  Modify the function buildmessage with the following and it will work great.



function buildmessage(){

         $this->message = "This is a multipart message in mime format.\n";

         $cnt = count($this->parts);

         for($i=0; $i<$cnt; $i++){

           $this->message .= "--" . $this->boundary . "\n" .$this->parts[$i];

         }

        $this->message .= "--" . $this->boundary . "-- \n";

     }



Thank for all the help.

Mailer
05-Mar-2006 05:13


if you don't have access to the mail function or got a own smtp server you can use this class to send mails.

https://sourceforge.net/projects/p3mailer/

leonard_orb at future-data dot de
14-Feb-2006 01:51


Warning: It should be stated clearly that "additional_headers" (the 4th parameter)

will not only allow you to add customized mail headers.

If there is an empty line in it the mail headers will be terminated and

the mail body will start exactly at this point.



mail ("foo@bar.example", "Test", "Hi dude",

  "Bcc: someone_else@bar.example\r\n\r\nBuy V1a*ra now\r\n");



will send a mail to <foo@bar.example> and <someone_else@bar.example>

and advertise pills.



It will give spammers the chance to abuse your webserver as a spam server if you e.g.

happen not to check the values your form receives from the client and paste it

directly into "additional_headers".

linas.galvanauskas {eta} ntt . lt
13-Feb-2006 01:27


Hi,

I'm using phpmailer from http://