復制代碼 代碼如下:
// multiple recipients
$to = '
[email protected]' . ', '; // note the comma
$to .= '
[email protected]';
// subject
$subject = 'Birthday Reminders for August';
// message
$message = '
<html>
<head>
<title>Birthday Reminders for August</title>
</head>
<body>
<p>Here are the birthdays upcoming in August!</p>
<table>
<tr>
<th>Person</th><th>Day</th><th>Month</th><th>Year</th>
</tr>
<tr>
<td>Joe</td><td>3rd</td><td>August</td><td>1970</td>
</tr>
<tr>
<td>Sally</td><td>17th</td><td>August</td><td>1973</td>
</tr>
</table>
</body>
</html>
';
// To send HTML mail, the Content-type header must be set
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
// Additional headers
$headers .= 'To: Mary <
[email protected]>, Kelly <
[email protected]>' . "\r\n";
$headers .= 'From: Birthday Reminder <
[email protected]>' . "\r\n";
$headers .= 'Cc:
[email protected]' . "\r\n";
$headers .= 'Bcc:
[email protected]' . "\r\n";
// Mail it
mail($to, $subject, $message, $headers);
查看sendmail的maillog,發現奇怪的內容。
復制代碼 代碼如下:
Mar 1 11:28:03 <a title="shaohui" href="http://www.shaohui.org" target="_blank">shaohui</a>.org sendmail[27526]: n213S1Xc027524: to=<
[email protected]>, ctladdr=<
[email protected]> (500/500), delay=00:00:02, xdelay=00:00:01, mailer=esmtp, pri=150812, relay=163mx03.mxmail.netease.com. [220.181.12.72], dsn=5.0.0, stat=Service unavailable
但是,如果我使用Linux Shell 的mail命令是可以發送成功的,不過多加了一條-f 參數偽造發件人。這是唯一的不同,於是maillog 的其中一個字段ctladdr顯示也不一樣。不再是apache用戶,我懷疑163等國內的郵件服務提供商,把所有的apache的用戶的郵件當成垃圾郵件處理掉了。
復制代碼 代碼如下:
Feb 25 23:44:59 <a title="shaohui" href="http://www.shaohui.org" target="_blank">shaohui</a> sendmail[13067]: n1PFixH4013067:
[email protected],
[email protected] (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30869, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n1PFixdx013068 Message accepted for delivery)
根源找到,於是問題就很好解決了,查一下php的手冊,發現mail函數原來也是可以偽造發件人的。
復制代碼 代碼如下:
bool mail ( string $to , string $subject , string $message [, string $additional_headers [, string $additional_parameters ]] )
在第六個參數additional_parameters使用額外的參數"-f
[email protected]", 問題就解決了。