Make WordPress Core

Opened 10 years ago

Closed 10 years ago

Last modified 10 years ago

#27686 closed defect (bug) (duplicate)

DKIM issue with PHPMailer 5.2.4 - upgrade to 5.2.7

Reported by: rocksfrow's profile rocksfrow Owned by:
Milestone: Priority: normal
Severity: normal Version: 3.8.1
Component: External Libraries Keywords:
Focuses: Cc:

Description (last modified by ocean90)

Emails sent with the most recent WordPress breaks DKIM. This is a bug with PHPMailer 5.2.4. Upgrading PHPMailer to 5.2.7 fixes the issue.

Here are headers from message with 5.2.4 to gmail recipient:

 Received-SPF: pass (google.com: domain of user@domain.com designates
 144.xx.xx.xx  as permitted sender) client-ip=144.xx.xx.xx;
 Authentication-Results: mx.google.com;
 spf=pass (google.com: domain of user@domain.com designates 144.xx.xx.xx as 
 permitted sender) smtp.mail=user@domain.com;
 dkim=neutral (no key for signature) header.i=@domain.com
 .. [headers clipped] ..
 Message-ID: <9686b0680a0a32ec311ee1884d6352bb@www.domain.com>
 X-Priority: 3
 X-Mailer: PHPMailer 5.2.4 (http://code.google.com/a/apache-extras.org
 /p/phpmailer/)

Here are the headers from message with 5.2.7 (replaced class-phpmailer.php in latest source), to same gmail recipient:

 Received-SPF: pass (google.com: domain of user@domain.com designates 
 144.xx.xx.xx as permitted sender) client-ip=144.xx.xx.xx;
 Authentication-Results: mx.google.com;
 spf=pass (google.com: domain of user@domain.com designates 
 144.xx.xx.xx as permitted sender) smtp.mail=user@domain.com;
 dkim=pass header.i=@domain.com
 .. [headers clipped] ..
 Message-ID: <d2afb441f25c8c7a8ba0433a0e15c0b6@www.domain.com>
 X-Priority: 3
 X-Mailer: PHPMailer 5.2.7 (https://github.com/PHPMailer/PHPMailer/)

Both messages were properly signed and contained the proper dkim-sig header. These two test messages were the exact same 'forgot password' message from the WordPress install. I confirmed all updates were installed before running this test. I even tested twice, and watched my email go to Spam with 5.2.4 due to dkim failure, and then inbox with 5.2.7 due to dkim pass.

I am confident about this bug with PHPMailer, because another 3rdparty library I use recently made the upgrade to 5.2.7 to resolve the same issue.

PLEASE upgrade PHPMailer and put out an update ASAP. My member emails are going to Spam because of this. I can fix it by manually replacing class-phpmailer.php, but I have a ton of clients who use WordPress as well.

Let me know if you need anymore information. Thanks!

Change History (2)

#1 @rocksfrow
10 years ago

  • Resolution set to duplicate
  • Status changed from new to closed

Duplicate of #25560.

I just now found this ticket: https://core.trac.wordpress.org/ticket/25560

It says fixed, when will this be released as an update?

#2 @ocean90
10 years ago

  • Component changed from General to External Libraries
  • Description modified (diff)
  • Focuses ui accessibility administration performance removed
  • Milestone Awaiting Review deleted

It says fixed, when will this be released as an update?

See http://wordpress.org/news/2014/03/wordpress-3-9-beta-3/.

Note: See TracTickets for help on using tickets.