Re: PHP mail function safety

From: J.O. Aho (user_at_example.net)
Date: 01/05/05


Date: Wed, 05 Jan 2005 10:07:23 +0100

PiedmontBiz wrote:

> I notice that FormMail.pl does checks for tainted input. Does the builtin
> mail() do the same? Or should I set up my own tests before submitting to
> mail()?

You should make tests of the input that you feed mail() with; it will not make
any checks. Your SMTP may do that for you before allowing the mail to be
sent, but don't count on that if you haven't set up your own SMTP and know you
have such working premailing checks.

  //Aho
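
One way to do the checks the reply recommends before calling mail(), as an added example that is not part of the original post. It assumes a contact form with hypothetical fields `email`, `subject` and `message`, a fixed recipient address, and PHP 7.1 or later.

```php
<?php
declare(strict_types=1);

const RECIPIENT = 'webmaster@example.net'; // assumption: fixed, never taken from the form

// CR, LF or NUL in a header-bound value could start a new header line.
function has_line_break(string $v): bool
{
    return preg_match('/[\r\n\0]/', $v) === 1;
}

// Returns cleaned [from, subject, body] or throws; field names are hypothetical.
function validate_form(array $in): array
{
    $from    = (string)($in['email'] ?? '');
    $subject = (string)($in['subject'] ?? '');
    $body    = (string)($in['message'] ?? '');

    if (has_line_break($from) || filter_var($from, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('bad sender address');
    }
    if ($subject === '' || strlen($subject) > 150 || has_line_break($subject)) {
        throw new InvalidArgumentException('bad subject');
    }
    if (trim($body) === '' || strlen($body) > 10000) {
        throw new InvalidArgumentException('bad message body');
    }
    // Body may contain line breaks; normalise them to CRLF and wrap long lines.
    $body = preg_replace('/\r\n|\r|\n/', "\r\n", $body);
    return [$from, $subject, wordwrap($body, 70, "\r\n")];
}

function send_form(array $in): bool
{
    [$from, $subject, $body] = validate_form($in);
    return mail(RECIPIENT, $subject, $body, 'Reply-To: ' . $from);
}

// Constructed sample inputs: only validation is run here, nothing is sent.
$samples = [
    ['email' => 'alice@example.org', 'subject' => 'Hello', 'message' => "Line one\nLine two"],
    ['email' => 'alice@example.org', 'subject' => "Hello\r\nX-Extra: 1", 'message' => 'Hi'],
];
foreach ($samples as $s) {
    try {
        validate_form($s);
        echo "accepted\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```

The length limits (150 and 10000 bytes) are arbitrary values chosen for the example; the submitted address goes into `Reply-To` rather than `From` so the envelope sender stays under the site's control.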


