Link to home
Create AccountLog in
Avatar of BR
BRFlag for Türkiye

asked on

whm settings for php mail

I have a cloud server that where I host a few web sites. I'm using Apache and WHM control panel. I'd like to close my server to send emails if the php scripts is not PHPMailer script?

I want to let my users send email only with phpmailer. ( with a connection to a related mail account using an email address and its password ) I don't want a hacker abuse my php web sites to send their spam emails.

where can I change this settings?
Avatar of Dave Baldwin
Dave Baldwin
Flag of United States of America image

You can't do that because PHPMailer can use at least 3 different methods of sending email.  Or do you mean the PHP mail() function?  Those are two different things although PHPMailer (which is a PHP program you can download) can use the PHP mail() function also.  It can also send directly to an external SMTP server and I don't remember what the third method is.  Direct socket connection I believe.
Avatar of BR

ASKER

On the WHM mail options for PHP, I think there is a way that only lets the server send email if I use an email account , ( username and password ) otherwise it shouldn't send email

The web site contact forms on my server should only send emails using the below code

<?php
require 'class.phpmailer.php';

$mail = new PHPMailer;

$mail->IsSMTP();                                      // Set mailer to use SMTP
$mail->Host = 'smtp1.example.com;smtp2.example.com';  // Specify main and backup server
$mail->SMTPAuth = true;                               // Enable SMTP authentication
$mail->Username = 'jswan';                            // SMTP username
$mail->Password = 'secret';                           // SMTP password
$mail->SMTPSecure = 'tls';                            // Enable encryption, 'ssl' also accepted

$mail->From = 'from@example.com';
$mail->FromName = 'Mailer';
$mail->AddAddress('josh@example.net', 'Josh Adams');  // Add a recipient
$mail->AddAddress('ellen@example.com');               // Name is optional
$mail->AddReplyTo('info@example.com', 'Information');
$mail->AddCC('cc@example.com');
$mail->AddBCC('bcc@example.com');

$mail->WordWrap = 50;                                 // Set word wrap to 50 characters
$mail->AddAttachment('/var/tmp/file.tar.gz');         // Add attachments
$mail->AddAttachment('/tmp/image.jpg', 'new.jpg');    // Optional name
$mail->IsHTML(true);                                  // Set email format to HTML

$mail->Subject = 'Here is the subject';
$mail->Body    = 'This is the HTML message body <b>in bold!</b>';
$mail->AltBody = 'This is the body in plain text for non-HTML mail clients';

if(!$mail->Send()) {
   echo 'Message could not be sent.';
   echo 'Mailer Error: ' . $mail->ErrorInfo;
   exit;
}

echo 'Message has been sent';
You can restrict the local mail server but 'class.phpmailer.php' includes all the methods that I was talking about.  The SMTP method and the socket method totally bypass the mail server on your site.
Avatar of BR

ASKER

is my web site safe considering php mails if I can use above code to send email on my contact form? is it possible to any body to force my server send spam emails?
ASKER CERTIFIED SOLUTION
Avatar of Dave Baldwin
Dave Baldwin
Flag of United States of America image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer