> From: Ángel González <keis...@gmail.com> > On Sunday, February 28, 2016 21:12, Ángel González wrote: > I don't think more than a direct SMTP transport will be needed (LMTP > perhaps?), but it seems a good idea that #29629 can finally be fixed. >
These would indeed be a few examples. Although there's of course also QMQP, and who knows what else people may feel they need. In our case we decided to implement an extension that fetches the smtp credentials to be used (per user) while sending an email from a separate system. We considered providing these through php.ini, but we didn't want to have users accidentally expose credentials when they have a page that does php_info() somewhere for the world to see. > On Monday, February 29, 2016 14:58, Johannes Schlüter wrote: > On Sun, 2016-02-28 at 17:55 +0000, Dolf Schimmel wrote: >> Howdy, >> >> I'm planning to create an RFC on this shortly, but would like to gauge >> the initial response first. >> >> Currently whenever an email is sent through the mail() function it is >> sent by an invocation of a sendmail-compatible executable. However, >> there are scenario's in which an alternative transport than through a >> sendmail executable may be desired. For example when PHP has been >> locked down, preventing it from starting any executables. It would be >> nice if it would be possible to allow such an alternative e.g. through >> a PHP Extension. Of course there are many frameworks out there that >> setup an smtp connection themselves, but in a shared hosting >> environment it's unfeasible to tell users they can't use the mail() >> function. > > For one: Why can't they use the mail function? A hoster can easily > provide a sendmail-compatible program doing whatever is needed in the > environment. They surely could. In fact that's how we've been doing it for a long time now. But they also want to lock down things as much as possible. In our case we decided to disallow PHP from doing any forking and put it in a (noexec) filesystem namespace that doesn't contain any exectuables. > The purpose of the function is to get rid of mail reliably and quickly > in order to have it queued somewhere. PHP shouldn't be the MTA. That's > a tough task (i.e. what to do when the SMTP server is down or slow? - > PHP shouldn't have to wait) > So I'd like to learn where mail() can't be used (aside from a dev > desktop where this might need "too much" system configuration) Well, you're right in that PHP doesn't have to be an MTA. But, that doesn't mean you don't want it to communicate directly with an MTA. The MTA typically decides whether it will actually accept the email or whether it considers it spam or whether a user has reached their quota, just to name a few examples. It's way more convenient to let the user know immediately whether their mail was accepted than it is to simply queue it somewhere and generate a lot of bounce mails which will often times go unread. > And as a side note: If you really have a special case where providing a > sendmail tool is no option you could easily create an extension > replacing mail() with a custom function (mbstring functions, runkit and > other extensions show how this can be done) We could indeed go that way, but it would introduce some code duplication. Given how we maintain our own patches I could also just replace the sendmail code with our own, but this is way more generic and could benefit other users as well. > >> The patch I'm proposing can be found here: >> https://github.com/php/php-src/pull/1778/files > > I haven't fully reviewed this. But you're not handing extension > unloading. In some SAPIs we have dl() available and serve multiple > requests. Thus in one request a mail module could be loaded by dl() on > shutdown the extension will be unloaded, but the pointer will still > exist in the handler table. Noted. Will add that as well. Thanks for the feedback. > > johannes > Dolf -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
