#49687 closed enhancement (fixed)
wp_mail() - Why is no envelope sender defined?
| Reported by: |
|
Owned by: |
|
|---|---|---|---|
| Milestone: | 6.9 | Priority: | normal |
| Severity: | major | Version: | 5.4 |
| Component: | Keywords: | has-test-info has-patch has-dev-note | |
| Focuses: | Cc: |
Description
As just figured out, some (mail) servers require the envelope sender to be set in order to accept outgoing emails.
For the PHP built-in mail() function (https://www.php.net/manual/en/function.mail.php) this can be done using the additional parameter (e.g. "-fwebmaster@…) as explained in example 4 of the PHP manual page.
In order to use that option and set the envelope sender in PHPmailer either the sender attribute of the phpmailer object needs to be set ($phpmailer->Sender = "sender@…") or when using the setFrom() method of PHPmailer, the 3rd parameter needs to be set to true (=default).
Unfortunately, the current implementation of wp_mail() explicitly sets that 3rd parameter to false, which prevents the envelope sender from being set (see https://core.trac.wordpress.org/browser/trunk/src/wp-includes/pluggable.php?rev=47494#L358).
Is there any reason for doing so and could we change L358 to
$phpmailer->setFrom( $from_email, $from_name, true );
?
Change History (61)
#3
@
5 years ago
- Type changed from defect (bug) to enhancement
It's quite likely that a suggestion of this nature would be that "this is plugin territory." wp_mail() is a pluggable function, and if it was necessary in a given instance, then you could implement a plugged version of the function.
I would agree, though that it's worth a review. But the other thing to consider is that WP 5.5. is including an upgrade to phpMailer. So it might be something that needs to be looked at in the course of that improvement.
#5
in reply to:
↑ description
;
follow-up:
↓ 9
@
5 years ago
Hi there, welcome to WordPress Trac! Thanks for the report.
Replying to vbbp:
Unfortunately, the current implementation of wp_mail() explicitly sets that 3rd parameter to false, which prevents the envelope sender from being set (see https://core.trac.wordpress.org/browser/trunk/src/wp-includes/pluggable.php?rev=47494#L358).
Just noting that this was an intentional change in [38286] / #37736.
#6
follow-up:
↓ 7
@
5 years ago
Not sure why this was added, because both options might cause issues on some environments (although I would stick with the PhpMailer default).
So the only solution is to use the phpmailer-init action in a small plugin?
<?php add_action( 'phpmailer_init', 'xyz_add_phpmailer_setfrom' ); function xyz_add_phpmailer_setfrom( $phpmailer ) { $phpmailer->setFrom( 'mysender@example.com', 'My Sender' // From name. ); }
#7
in reply to:
↑ 6
@
5 years ago
Also bitten by this. I tracked DMARC failures down to this "feature" where envelope sender is not set properly in wp_mail.
FWIW, a return to the default setFrom value (true) would fix the issue for us. That "intentional change" to false in https://core.trac.wordpress.org/changeset/38286 probably broke more things than helped.
Most people wouldn't be aware that the emails they're sending out from Wordpress are broken, and that some action (a plugin) is needed. This true=>false change alone, five years ago, must have contributed to the online noise in global email tremendously.
#8
@
4 years ago
Just wanted to add myself to the list of people who can't fathom why this intentional change was made to purposely alter PHPMailer's default by not setting the envelope sender.
Reading through the other thread, the gist seems to be "because it breaks some server setups" but it doesn't make sense not to set the proper headers.
I have full control over the server/postfix setup I use to host my WordPress projects, with sender dependent relay and authentication settings. Without the proper envelope sender, the default (wrong) hostname is used.
To please everyone, why not add the from address/name/envelope sender fields to the WordPress settings area?
#9
in reply to:
↑ 5
@
4 years ago
Replying to SergeyBiryukov:
Hi there, welcome to WordPress Trac! Thanks for the report.
Replying to vbbp:
Unfortunately, the current implementation of wp_mail() explicitly sets that 3rd parameter to false, which prevents the envelope sender from being set (see https://core.trac.wordpress.org/browser/trunk/src/wp-includes/pluggable.php?rev=47494#L358).
Just noting that this was an intentional change in [38286] / #37736.
Without the envelope sender being set (falling back to some default value), the requests are being rejected. Namely "sezman.cz" and "ovh.net" SMTP servers do reject those messages (log line below). Gmail won't look at the envelope sender and gladly accept the header from the message header.
Mar 10 10:36:52 localhost sm-mta[1763825]: 229JUjTK112345: to=<myemailaddress@seznam.cz>, ctladdr=<www-data@localhost.localdomain> (33/33), delay=14:06:07, xdelay=00:00:00, mailer=esmtp, pri=7770908, relay=mx2.seznam.cz., dsn=4.0.0, stat=Deferred: 451 4.4.8 Unroutable email address.
To me it causes just more harm. Only harm to be correct ;) Removing the false fixes everything in my case. But still have to go with coding it into plugin using the phpmailer_init action to keep the change permanent...
This ticket was mentioned in Slack in #core by zodiac1978. View the logs.
3 years ago
#11
follow-up:
↓ 12
@
16 months ago
I agree that this change, not to set the sender, was harmful.
The thing is the opposite as the indicated reason in the changeset. Not setting the sender causes the email to be flagged as spam, suspicious, or "via" in GMail. It affects all common mail systems I know, including via cPanel and other common hosting platforms, to Outlook/Hotmail, but mostly to Gmail, probably the most common of all.
The change has given WordPress a bad reputation in ability to send emails "out of the box". A plugin is needed, either SMTP or, simpler, with a "phpmailer_init" action to fix it.
The change should be reverted immediately to restore WordPress valid email sending capability.
#12
in reply to:
↑ 11
@
6 months ago
- Keywords dev-feedback removed
- Severity changed from minor to major
I need to update this report because after some additional research, I can't really figure out which are the problems with a missing Sender
Initially I thought that the problem was that, by default, the wp_mail takes PHP's default with isMail, which is not bad, but by default, PHPMailer doesn't help using the headers as it does with sendSendMail (with the -t parameter). But it happens that internally, PHP mail action is actually passing -t.
So at this point, we really need some reproduction test cases for why the absence of Sender is causing so much trouble.
But still, as many of you have suggested, I can't see a reason not to use -f which is the best to ensure the best result, maximizing deliverability in all scenarios. Unfortunately, [38286] doesn't really explain which was the exact reproduction scenario where the problem occurred with -f leaving it to pure speculation. Now, most maintainers will be completely afraid of reverting this change, "just in case there is a regression."
Personally, what I would suggest here is testing the major systems: qmail, postfix wrapper, and sendmail itself, and seeing whether this is still reproducible or not.
Furthermore, another proposal that the PHPMailer maintainer proposed is to switch internally from isMail to isSMTP which is way more reliable than the internal mail function (since we are using PHPMailer after all). By default isSMTP is going to take localhost anyway (the same as isMail), but without the hassle of having to set everything with detail like Sender (and without having to deal with shell troubles, which are documented in the PHPMailer docs).
For the reports, @kub1x and @jamieburchell, can you send some raw mails (headers) to further review your troubles?
#14
follow-up:
↓ 15
@
6 months ago
Related #22837
I've been testing, and as I said in my previous message, the absence of Sender should not be an inconvenience in 2025 for any reliable local MTA.
Although I tested it in msmtp and it reported sender problems without the -f, confirming that, with some clients there could be a problem by omitting this parameter.
Testing Protocol
So from here I will be posting the results using different MTA and trying to see if the set to false of auto in PHPMailer's setFrom is justified or not.
Test 1: Using Postfix for the MTA
For the first test, I'm using Postfix. WordPress is being reverse proxied with a Caddy server but the mail transport agent is not being proxied at all. In this case I'm using Postfix 3.7.11 and for wordpress these environment vars
✅ Email is sent without troubles to a Gmail account
Here is the resulting email:
Delivered-To: [REDACTED_EMAIL]
Received: by 2002:a05:6359:6c93:b0:1ff:db44:3f60 with SMTP id td19csp103289rwb;
Wed, 6 Aug 2025 06:45:16 -0700 (PDT)
X-Google-Smtp-Source: AGHT+IHfURwEJp/wfNGBM+hPI0F7isAxnOk4r3ckhMxwX1vbZsw3ltC0TN9XpWt+sLxmFtzIhv22
X-Received: by 2002:a05:6512:3c8e:b0:55b:8f40:32bd with SMTP id 2adb3069b0e04-55caf34c5bfmr895771e87.33.1754487916361;
Wed, 06 Aug 2025 06:45:16 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1754487916; cv=none;
d=google.com; s=arc-20240605;
b=S9gyKcUIAMW7nkD7FEA8EprPJHKLIy8F5eU1Tv+RebjALZEbZNSxPs8WNdqNU95XhH
5qIkSJ5EZAwkix0A9jVaIdn5d96xC9MhNIiyFgWggjSlGB7oVp3Aa4rhKSgLtzotD/YA
9vVO4uLU+Hjuw7OA1BB6zWES9h2WO36thEGAIP2ZFQdmTJnrlQqys0kdsCMJEVWvpsjI
opq7dEIR1ec3vgv6GtN9IIZ8uzpU1gUoXh9LXfGDm1A1rpNe7+5DK75sYMdbOgZWRFXh
TJzMYrkq3ZizQZCJp+cIMsQ65cAf1QZ7U8BMps2MVrU0YuiYAY228qynnYLHYjVXLW88
pE5Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;
h=content-transfer-encoding:mime-version:message-id:from:date:subject
:to:dkim-signature;
bh=pm0pN+ANahqck0BActi6j9KgyOF87JJqpDBwwhtS3/8=;
fh=LnWiZB+0qsThBew1oCwmWb63UJ40SUAv5hSa6DrXbks=;
b=iVnirhM2bTnFWVwmv39TE/TbEfpAhUeclZtqnmUgwzjESoP66xMu9UxUyIU2xulMop
e6OYHWPlqNhyvLpcoq3UjqOB66n7EU/ZSylqyjb7uP1FTWQXxQT08VF47APUp710AKmL
AXBjhDLAjb/TMgBsqqjDHH5rVz1MQZ3ZnywvhnFOAVvXji3UmkFnVvao2oJfLulYcWOO
4qbTHYni0706+0prjCgal3NoPVTc+9dDAYZnGXJfbd3ozVAjswiX90JvBFMCrvl6783P
+6aRUWb0ye8dDKIUUI2d90ekfVGvQGpOcGVQoH1LmOytuLlVPH8IWbKP61EJNJD96pUh
Sq2Q==;
dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@[REDACTED_SERVER_HOST] header.s=mail header.b=D6ZD3vYa;
spf=pass (google.com: domain of wordpress@[REDACTED_SERVER_HOST] designates [REDACTED_SERVER_IP] as permitted sender) smtp.mailfrom=wordpress@[REDACTED_SERVER_HOST];
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=[REDACTED_SERVER_HOST]
Return-Path: <wordpress@[REDACTED_SERVER_HOST]>
Received: from [REDACTED_SERVER_HOST] ([REDACTED_REVERSE_HOST]. [[REDACTED_SERVER_IP]])
by mx.google.com with ESMTPS id 2adb3069b0e04-55b887df9ebsi4154730e87.107.2025.08.06.06.45.15
for <[REDACTED_EMAIL]>
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Wed, 06 Aug 2025 06:45:15 -0700 (PDT)
Received-SPF: pass (google.com: domain of wordpress@[REDACTED_SERVER_HOST] designates [REDACTED_SERVER_IP] as permitted sender) client-ip=[REDACTED_SERVER_IP];
Authentication-Results: mx.google.com;
dkim=pass header.i=@[REDACTED_SERVER_HOST] header.s=mail header.b=D6ZD3vYa;
spf=pass (google.com: domain of wordpress@[REDACTED_SERVER_HOST] designates [REDACTED_SERVER_IP] as permitted sender) smtp.mailfrom=wordpress@[REDACTED_SERVER_HOST];
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=[REDACTED_SERVER_HOST]
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=[REDACTED_SERVER_HOST]; s=mail; t=1754487915; bh=pm0pN+ANahqck0BActi6j9KgyOF87JJqpDBwwhtS3/8=; h=To:Subject:Date:From:From; b=D6ZD3vYaKdxPsALFXP83772Yse7M6tXkW2wr4vOieEtliFq7Nd6mkixbXjmro86eB
HdgwiUG022juBDRpsgLsQz+m2xeyWfMYZ4Bbbk3x9xcT+f7Utmvo1UjCfl9re8KAgc
uvISwsJ+gUKmWA596tyGG+WFLYG6BzI2+UhxlgXo=
Received: by [REDACTED_SERVER_HOST] (Postfix, from userid 33) id 978A121C0B; Wed,
6 Aug 2025 13:45:15 +0000 (UTC)
To: [REDACTED_EMAIL]
Subject: Health Check – Test Message from https://[REDACTED_SERVER_HOST]
Date: Wed, 6 Aug 2025 13:45:15 +0000
From: WordPress <wordpress@[REDACTED_SERVER_HOST]>
Message-ID: <DAeEY8uz0xzBIMrxcRcH6kvrJTLBuK1nTutUOIJ1o@[REDACTED_SERVER_HOST]>
X-Mailer: PHPMailer 6.9.3 (https://github.com/PHPMailer/PHPMailer)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Hi! This test message was sent by the Health Check plugin from WP Testing (https://[REDACTED_SERVER_HOST]) on August 6, 2025 at 1:45 pm. Since you’re reading this, it obviously works.
Additional message from admin: This is the first test
Note that since this is sent via Postfix and Postfix works correctly both setting -f and without, it will work the exact same in both scenarios.
Also note that, despite of Sender to auto false, both From: and Return-Path: are explicitely added as expected in Postfix
#15
in reply to:
↑ 14
;
follow-up:
↓ 16
@
6 months ago
Replying to SirLouen:
I've been testing, and as I said in my previous message, the absence of
Sendershould not be an inconvenience in 2025 for any reliable local MTA.
Last time I tested it from one specific host (webhuset.no), they are using spamexperts, was in 2024. Messages to [redacted]@gmail.com did not get through at all, not even in the spam box. On some other web hosts (5 on different frameworks) it came through, but was usually marked spam. So I added:
\add_action( 'phpmailer_init', static function( \PHPMailer\PHPMailer\PHPMailer $phpmailer ): void {
$phpmailer->Sender = $phpmailer->From;
} );
and it immediately worked as expected.
Now, in 2025, the message gets through from the first host, too. But:
Without the above filter:
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of anonymous@qmqp.datacenter.no designates [REDACTED_IP] as permitted sender) smtp.mailfrom=anonymous@qmqp.datacenter.no;
dmarc=fail (p=QUARANTINE sp=NONE dis=QUARANTINE) header.from=[REDACTED HOST]
Received: from [[REDACTED_IP]] (helo=qmqp.hmg9.webhuset.no) by 02.spamexperts.u87.webhuset.no with esmtps
(TLS1.3) tls TLS_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <anonymous@qmqp.datacenter.no>) id 1ujm0n-00DXJ1-Q7 for [redacted]@gmail.com; Wed, 06 Aug 2025 23:49:31 +0200
Received: (qmail 541408 invoked by uid 0); 6 Aug 2025 21:49:29 -0000
Received: from unknown ([REDACTED_IP])
by 0 with QMQP; 6 Aug 2025 21:49:29 -0000
To: [redacted]@gmail.com
With above filter active:
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of wordpress@[REDACTED HOST] designates [REDACTED_IP] as permitted sender) smtp.mailfrom=wordpress@[REDACTED HOST];
dmarc=pass (p=QUARANTINE sp=NONE dis=NONE) header.from=[REDACTED_HOST]
Received: from [[REDACTED_IP]] (helo=qmqp.hmg9.webhuset.no) by 01.spamexperts.u87.webhuset.no with esmtps
(TLS1.3) tls TLS_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <wordpress@[REDACTED_HOST]>) id 1ujlw6-002IwQ-Id for [redacted]@gmail.com; Wed, 06 Aug 2025 23:44:39 +0200
Received: (qmail 541054 invoked by uid 0); 6 Aug 2025 21:44:38 -0000
Received: from unknown ([REDACTED_IP])
by 0 with QMQP; 6 Aug 2025 21:44:38 -0000
To: [redacted]@gmail.com
Conclusion:
- The Sender seems to decide what/how DMARC is checked.
- The safest way to ensure correct delivery is still to include Sender, even in 2025.
#16
in reply to:
↑ 15
@
6 months ago
Replying to knutsp:
Conclusion:
- The Sender seems to decide what/how DMARC is checked.
- The safest way to ensure correct delivery is still to include Sender, even in 2025.
Good info. I still need to test with Qmail as you are using there.
But I need to test both scenarios (with and without). Still I have the feeling, that noone is going to be willing to take the risk of the regression that maybe could affect millions of webs?.
I hope I can provide enough tests for someone to take the risk safely.
#17
follow-up:
↓ 18
@
6 months ago
@knutsp do you have the full raw email sent with that webhuset.no server?¿
I'm trying to implement a containerized Qmail server, but its being way harder than I expected (very clunky and oldish server, despite of being one of the most robust theoretically). With Postfix it was a breeze but I was expecting that both qmail and sendmail were going to be tough nut to crack. Still I'm going to keep trying to see if I can reproduce your scenario but if you can provide more info, I would be able to check through it faster.
But everything indicates that Qmail will be our use-case to prove this ticket worthy implementing.
#18
in reply to:
↑ 17
@
6 months ago
Replying to SirLouen:
@knutsp do you have the full raw email sent with that
webhuset.noserver?¿
No Sender:
Delivered-To: [REDACTED_NAME]@gmail.com
Received: by 2002:a05:612c:1b89:b0:4d5:d45c:998 with SMTP id ik9csp516027vqb;
Wed, 6 Aug 2025 14:51:58 -0700 (PDT)
X-Google-Smtp-Source: AGHT+IEFOzhbWFfi+hxD0YN6txTJpsPdciSYx6JOnSip78sImKmMLGRXuU6K7jx6vR6jYDt7Y7UZ
X-Received: by 2002:a2e:be9d:0:b0:332:1d26:b20c with SMTP id 38308e7fff4ca-3338d124f95mr3296791fa.4.1754517118165;
Wed, 06 Aug 2025 14:51:58 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1754517118; cv=none;
d=google.com; s=arc-20240605;
b=GzJDvqzCLtyG3R5eHLs1CZ7qoMFLfBHmjW3rwCkZZS0qTdVxqjTjp6FDRk5xwKLwf4
zrvDrarflZyu29LmM8vVAXtq7sCoSH1b+9DDvvFdomBLsFUHXmKufq57aCvhXExVr3pu
tJSrizkhMIrqO4Dvg/4yHqzB83Gg/69Q5S59ic8MvRUt4DaWmrLeXCD8y1f8GjSiobd3
jpE/2XN2zJS+EvrAmQYqCYR0Wi6+a9jSaqg2QWZK+0I6N5Wmxy6uTAla/Ieb1Q4jeitc
phJ8D/PD+VLl4fwQPHYDc72jIETDKhXaAjzxFQvoYfxTZ0bO6mgAYbsglXzpfreWebpa
7hFQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;
h=content-transfer-encoding:mime-version:message-id:from:date:subject
:to;
bh=3NF0T9E2Jx92EFFhBx8q77AHOWk3IfjeJO6EliqPt3U=;
fh=IUgp/zjmEpLu5inMgCDX2MLU7stUBJfbVhRVyrEYrQw=;
b=PSXWbvn5Ltq/E+s5w7DEcxYz6FgG4WgDXCZwpGRwW20vZO4FkgwTNhUPbQNarYxM3H
YiRTEbT1FTPhlgqxHqRukvUaHoAq765YdihWdu9wrklcQbb8JdSPC+iSGkltDhB3aiwx
9Ivhl2iDxzrHM0mKhXZ2s2AowZ5LvRNKilIzG7NKCWvmQNRe8WODYLs9Qs/1tY+/4Vbr
CrWWE8fw5dM5KaLaWTACLlD/Idg0nqL3rwB5OxCgukzQ5RrnO61y6rhFczuBaWD9v4Ke
Usv9LfCo/DkDYNvu21d8vgrMXugVX4k2Au/u178TTeET8YfMCtilwlQJrMZApe1U+qeP
5t2Q==;
dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
spf=pass (google.com: domain of anonymous@qmqp.datacenter.no designates [REDACTED_IP] as permitted sender) smtp.mailfrom=anonymous@qmqp.datacenter.no;
dmarc=fail (p=QUARANTINE sp=NONE dis=QUARANTINE) header.from=[REDATED_HOST]
Return-Path: <anonymous@qmqp.datacenter.no>
Received: from se-qmqp-outbound02.webhuset.no (se-qmqp-outbound02.webhuset.no. [[REDACTED_IP]])
by mx.google.com with ESMTPS id 38308e7fff4ca-33237f3ea1bsi40912801fa.137.2025.08.06.14.51.58
for <[REDACTED_NAME]@gmail.com>
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Wed, 06 Aug 2025 14:51:58 -0700 (PDT)
Received-SPF: pass (google.com: domain of anonymous@qmqp.datacenter.no designates [REDACTED_IP] as permitted sender) client-ip=[REDACTED_IP];
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of anonymous@qmqp.datacenter.no designates [REDACTED_IP] as permitted sender) smtp.mailfrom=anonymous@qmqp.datacenter.no;
dmarc=fail (p=QUARANTINE sp=NONE dis=QUARANTINE) header.from=[REDATED_HOST]
Received: from [[REDACTED_IP]] (helo=qmqp.hmg9.webhuset.no) by 02.spamexperts.u87.webhuset.no with esmtps
(TLS1.3) tls TLS_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <anonymous@qmqp.datacenter.no>) id 1ujm3A-00DXaK-AC for [REDACTED_NAME]@gmail.com; Wed, 06 Aug 2025 23:51:57 +0200
Received: (qmail 541593 invoked by uid 0); 6 Aug 2025 21:51:56 -0000
Received: from unknown ([REDACTED_IP])
by 0 with QMQP; 6 Aug 2025 21:51:56 -0000
To: [REDACTED_NAME]@gmail.com
Subject: Site Health Tools – Test message from https://[REDATED_HOST]
Date: Wed, 6 Aug 2025 21:51:56 +0000
From: [REDACTED_NAME] <wordpress@[REDATED_HOST]>
Message-ID: <4BgjZUtHiorftILDwwMYYVdZwgtBGyKuLauaj9SG8@[REDATED_HOST]>
X-Mailer: PHPMailer 6.9.3 (https://github.com/PHPMailer/PHPMailer)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-remote-ip: ukjent
X-originating-server: linweb[red].hmg[red].webhuset.no
X-originating-script: [REDACTED_PATH]/wp-admin
X-wh-username: 1228
X-Originating-IP: [REDACTED_IP]
X-SpamExperts-Domain: qmqp.webhuset.no
X-SpamExperts-Username: [REDACTED_IP]
Authentication-Results: spamexperts.u87.webhuset.no; auth=pass smtp.auth=[REDACTED_IP]@qmqp.webhuset.no
X-SpamExperts-Outgoing-Class: ham
X-SpamExperts-Outgoing-Evidence: Combined (0.26)
X-Recommended-Action: accept
X-Filter-ID: 9kzQTOBWQUFZTohSKvQbgI7ZDo5ubYELi59AwcWUnuUpgNhAFZ3qLifpJM5S1yUBWdIW0ASzZbVg OOUN/nxiQSu2SmbhJN1U9FKs8X3+Nt3TWo7pyO3Ritn8RCH/caluVYzyEIJkY2mrp5MlMt7mfWns 9lgQdBD4RzI47LunuNSY/jWLYULlaUICWs0Mqn0LIeebqmNzITIBQB6uQcT8TzXLy0jUYN7pDlMv wBWBdR2ggmmZ2FcUW2eDr7sfQplP5k//Qib/h+pyPJBjVQ52Siue9TLOhN8AYRsvkjfngQAwDaAe RoXsAYKwARUpnQxnOCFJXv1MwqOqQaTSs+ZtR67VZqJmzCeHtqZ+QtMgTB2dHxOO5xI77mzEkywJ CginJWc6Hvk2XXh9/cAOBIKwOKRNj7ixyBUHQWPam9a0VoMs9H9vRWZELOiK/O0f2DQLFu8PKzZG nbhsOzZ+lAjc+W3QcfZTuiu9uBNL01ImvqtmM83oYG1f2hvsbrozvcrub4Rwy4Kj6hnD4ZkzLvEA LzD8PXRhn5KL4WSRw7NNCSkaZYVZL66dBiZhVnff2OXZ0voNY+YVp6tTmsDAVw83MyxaRQsif/YU G8XfVQduyd2PpF62RcTzTI/rfKDo3Seycxw3qqhc+N6cuEg4XWh5FhiHgTXXLgCbMgENGxtIrmbp ImfpY8f3DZSvm054oIdZ4yG3I1oOFVCCzRw1HhK3QWLvAuZiee2RvYPUH2waSBe3HIBag4Z8iZfx S+d1f+ZKY+gRCFLsmsKaAFFey42AEhEVniihuDwEGDcmr6e3OPRfIvsqlMOy3InnGD9DI24WmGWA 1R+XK7fvkqYScKyvCpoSWlyaeg8oqfj2tNu0/t/c6KMGom+ae/9kWQqxD8gci7CY7AUqBUT/J/d6 UJZ2+e3E7PNP9hZ2YPyDLCAHXnV/nlyS65WL1Zj1WtybRyeYEXJA1BeZrUBFM3r+DIFlJbwIV8Au 54xwLtDo0J4afXM4C1Yzj7RN0Qwpss3RJQuk5zlM+DL0WEWJPsureOm2G0sp7KrW/qhqwcFjzxQR 5zdvUQDPJ2AjkYn2cRYAKxqqMS+4ayUpOtEhdxekWDmK9g==
X-Report-Abuse-To: spam@01.spamexperts.u87.webhuset.no
X-Complaints-To: abuse@01.spamexperts.u87.webhuset.no
Sender = From:
Delivered-To: [REDACTED_NAME]@gmail.com
Received: by 2002:a05:612c:1b89:b0:4d5:d45c:998 with SMTP id ik9csp513222vqb;
Wed, 6 Aug 2025 14:44:40 -0700 (PDT)
X-Google-Smtp-Source: AGHT+IH8NcG7DqNYpYf/zf/6ryR0jHsR7ThiPrQYPG6eiRGLrMnQfchd69ItdNe3FoB4RGdOfocJ
X-Received: by 2002:a05:6512:b14:b0:553:2ef3:f731 with SMTP id 2adb3069b0e04-55caf5d86fbmr1250190e87.29.1754516680436;
Wed, 06 Aug 2025 14:44:40 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1754516680; cv=none;
d=google.com; s=arc-20240605;
b=FXEmVoXePOwNkMofrxtpxQ659eANoh0i+Nr3Nk07nZ7n/BdKKZNrz1yf2l++rMsmkC
oMAI03MSNxr8v4y7iptJh/jLKfAylVhXZEA24GaszgJuBwM77r49gnCIupSfST8kpjm4
fxBtNslcZ4/51RrwALXmUPlFZMNJFIlH0gDylSt0DV0klwT+KQuzEHW0tOeOPbdDt+hW
UA5Y3AJwMJe5mReEl6deUDmcZdDLtqw/y1o5d+7b+REEuxIaO7SP5QqNQIJFZIU5LL8g
LNAvGnDD/m/ieH1SIOVLhMwxOTnNrfhKvk9nymUODOuDdYaoX5A4I9wLp0PBKnv37YAC
JkJA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;
h=content-transfer-encoding:mime-version:message-id:from:date:subject
:to;
bh=1NAiSyYLgcEbd974kp/YkPmpm+wGQ4vO40bNBchoxGg=;
fh=IUgp/zjmEpLu5inMgCDX2MLU7stUBJfbVhRVyrEYrQw=;
b=Zpr5YieoALCGJRNsze6hm6hGYnnswetrCXmWBdJMi4HWInNLnbEGHtBOlQM/92LBuz
clTbtvHFH14ClfMe7D2J7z6eLZj8W9/r60YZ9kMxhDc3GDuj63xAtVEsF9dqNy3EyWO7
3HAY+KC+7QbajkJs+Kl2DdV1/D0/M9+jSUo6ZNqjOningqcvopJ9+FHCufoKe+Q9+2kH
mcbaAdgvoYXeAytlF8bWQ0jINzYC8hPgRGYcyI0qKJQ8yZA7cOadxMqWHm8HDv0uKBEI
u6BwkABL7Jp3Pv1d1Dk0gyGKuxir0dSHJOH2a3GJn7IiZ2TsgjbnCQ1gxEiiNkRl1qoe
JaDQ==;
dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
spf=pass (google.com: domain of wordpress@[REDATED_HOST] designates [REDACTED_IP] as permitted sender) smtp.mailfrom=wordpress@[REDATED_HOST];
dmarc=pass (p=QUARANTINE sp=NONE dis=NONE) header.from=[REDATED_HOST]
Return-Path: <wordpress@[REDATED_HOST]>
Received: from se-qmqp-outbound01.webhuset.no (se-qmqp-outbound01.webhuset.no. [[REDACTED_IP]])
by mx.google.com with ESMTPS id 2adb3069b0e04-55b889d4464si4489319e87.675.2025.08.06.14.44.40
for <[REDACTED_NAME]@gmail.com>
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Wed, 06 Aug 2025 14:44:40 -0700 (PDT)
Received-SPF: pass (google.com: domain of wordpress@[REDATED_HOST] designates [REDACTED_IP] as permitted sender) client-ip=[REDACTED_IP];
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of wordpress@[REDATED_HOST] designates [REDACTED_IP] as permitted sender) smtp.mailfrom=wordpress@[REDATED_HOST];
dmarc=pass (p=QUARANTINE sp=NONE dis=NONE) header.from=[REDATED_HOST]
Received: from [46.226.10.121] (helo=qmqp.hmg9.webhuset.no) by 01.spamexperts.u87.webhuset.no with esmtps
(TLS1.3) tls TLS_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <wordpress@[REDATED_HOST]>) id 1ujlw6-002IwQ-Id for [REDACTED_NAME]@gmail.com; Wed, 06 Aug 2025 23:44:39 +0200
Received: (qmail 541054 invoked by uid 0); 6 Aug 2025 21:44:38 -0000
Received: from unknown ([REDACTED_IP])
by 0 with QMQP; 6 Aug 2025 21:44:38 -0000
To: [REDACTED_NAME]@gmail.com
Subject: Site Health Tools – Test message from https://[REDATED_HOST]
Date: Wed, 6 Aug 2025 21:44:38 +0000
From: [REDACTED_NAME] <wordpress@[REDATED_HOST]>
Message-ID: <5nXC91X1oYZQn82zDopPhU8kFZ5xzTZqxNbHvArqI@[REDATED_HOST]>
X-Mailer: PHPMailer 6.9.3 (https://github.com/PHPMailer/PHPMailer)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-remote-ip: unknown
X-originating-server: linweb[red].hmg[r].webhuset.no
X-originating-script: [REDACTED_PATH]/wp-admin
X-wh-username: 1228
X-Originating-IP: 46.226.10.121
X-SpamExperts-Domain: qmqp.webhuset.no
X-SpamExperts-Username: 46.226.10.121
Authentication-Results: spamexperts.u87.webhuset.no; auth=pass smtp.auth=46.226.10.121@qmqp.webhuset.no
X-SpamExperts-Outgoing-Class: unsure
X-SpamExperts-Outgoing-Evidence: Combined (0.30)
X-Recommended-Action: accept
X-Filter-ID: 9kzQTOBWQUFZTohSKvQbgI7ZDo5ubYELi59AwcWUnuVEKL/IkvbESMSzexPKe+yI7Tq1g1wRFEUU 3fMATPSl+Cu2SmbhJN1U9FKs8X3+Nt39k1xGpvarHQIUGnyE7RgN6lnskxdcjycoLGoo8Q4vuARb rsGnW2GhyF/lh+Dg6PXqkGdLYoGXUGZYctuMJykBlDtR/qCXMVqSLVxeSwueS0r/pqDh7apldsyM rNwI+mb6BpeseSBELv+0jcKNeZXKI3r6xroDGrlbLRE0nWqaLs1lhUKRgfDGCtKDTmFsKQgC0cFA KBPjIGQfJqkloU9+jphf6n3pH+bND9atY8IQ8dzZqrrsu03WRFccpjwfEvGUpeoV1G+lFmBvSFOb 0PfLeQ26l+6g7IYTcpkQV1OwCOMTbkn6z1fsm8NoMVdUr8MDPUrsZkS8fIjQg/OlnCq9UDy8v2Lt 915wriMmARNyjBdbujQQkH/J7OsVuclo0xg8SD49VFOJrE9jnafQ+n/zEVBannnL7tRRK/uB8nvA 5cUKq8tdEsIne5ByLBSXZOWHbsdzBI6MOMpDzUIO9/0Vt/iViFlVDYb72YaiK0RvbxHfsVoWW/cX Y9u9psb304Js83u/0wCmJknSMi6/a6kwASJFC/49WOPBr5nlEUI4xGHRRhJyi5O0m6+Gl1L1CiOT 3iKSoSTs1+IjU4ZL+ZYNopeWhFXF73IKGQifqFIvsxtLc42gp3h7N2LXDsxCfu+LTDDF2HbN16NW ypp3i+Bn8LoOS1WnFYL9yJn2jehgG0Y0fH8FSNv7T8R57aM45g6G+IDA94Gg0vccXz5ZIjmhDL81 a+H0US0dlF4S3B+8CjwJWw42swm4bO6gacpMpzLjraoziyzCYgRmhWCDAwB1e+Un4lHFoLhKBpz2 o8QCHiJBK4q7lU39BSR5L12+lSUIJsQLoxGC8h4W0B7VmO9MvDIiKYjiEJbDdcSjqjPnpwOOT4eP N2krLsjed/ObJI1c3KLMGi9Ksu8PMlyWwhooF2Ede6xcFpLxKpAet2WIQvJLebIoBuXBaSWyrMFr UZ/FV/JN7iXMIPCXWMmhc5Pn
X-Report-Abuse-To: spam@01.spamexperts.u87.webhuset.no
X-Complaints-To: abuse@01.spamexperts.u87.webhuset.no
#19
follow-up:
↓ 20
@
6 months ago
Yes, that is the problem with a weakly configured qmail instance
http://www.lifewithqmail.org/lwq.html#anonymous
(Plus the fact that Qmail doesn't accept the -t from the PHP mail instance and PHPMailer doesnt really provide a workaround for this).
Ultimately we can argue that with a forced Sender, we could solve this. The problem is that there is the damned "it-blows-everything-report-without-test-info" [38286] rev is the a major hindrance to pass this (because we could always argue that with a workaround like the one you are using to pass the Sender it can get through, but if it the command blows servers in the unknown world of uncertainty, there is no workaround apart from removing forced Sender)
I've been trying to setup a qmail instance since last night, but it's being a nightmare. Docs are good, but they are extremely long to digest.
PS: Where are the DKIM passing results? Have you redacted them?
ARC-Authentication-Results: i=1; mx.google.com;
spf=pass (google.com: domain of wordpress@[REDATED_HOST] designates [REDACTED_IP] as permitted sender) smtp.mailfrom=wordpress@[REDATED_HOST];
dmarc=pass (p=QUARANTINE sp=NONE dis=NONE) header.from=[REDATED_HOST]
#21
in reply to:
↑ 20
@
6 months ago
- Keywords needs-testing added; needs-test-info removed
Replying to knutsp:
Nope.
Ok there is no DKIM here, only an SPF misalignment in the first message. Thanks for the info, I think I got enough test info to proceed here.
#22
@
6 months ago
Test 2: Using qmail for the MTA
✅ Email is sent without troubles to a Gmail account
This is the email with the Sender to false
Delivered-To: [REDACTED_EMAIL]
Received: by 2002:a05:6359:6c93:b0:1ff:db44:3f60 with SMTP id td19csp1703922rwb;
Fri, 8 Aug 2025 14:57:56 -0700 (PDT)
X-Google-Smtp-Source: AGHT+IFZMmoiMWR1TLv6Jw+9Tyk5PKw7NVfpkZ2GOc6jR3UNiR+vhSMnbIHskMsC5oExk2A620/J
X-Received: by 2002:a05:6512:3d86:b0:55b:94ea:1d38 with SMTP id 2adb3069b0e04-55cc00e2bf6mr1296571e87.16.1754690276495;
Fri, 08 Aug 2025 14:57:56 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1754690276; cv=none;
d=google.com; s=arc-20240605;
b=De5ZZn9dV3G7eVlws/t16TyX5h+muVycuiGk+sB+CU2bkHuO2QVgeNxx9ZviETyFrw
P0IZzcK0d1Vs0S+hXC47ynGnicVBzpbnMrySbZDjG/rFDqt1qHw5eFMH8SS/GEK2Uo9Z
7Y9XnNGPJn3FWPse4tLfLjDqtXW/+PzJ9tDnkBIpG/URuPZSLCNzQPrK5NzTkqw90K1n
Jh95TIvLOd8Zgt7unLptFEPaa4Od7MoeN60ePNBqLCpzhSuCDbh5yyyE8Nfa+JbjAoE9
bnAIAxA5SqjdR4eBnF0vsuUaSRs3WkoRVRnqOl8Gk5aRoyJQsrEvJ4OtgjOz0NASILux
lgHw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;
h=content-transfer-encoding:mime-version:message-id:from:date:subject
:to;
bh=M7YZ+toWMLXdzlEHiz0u6Kwz76TCgknk/l9AAwsdVGI=;
fh=LnWiZB+0qsThBew1oCwmWb63UJ40SUAv5hSa6DrXbks=;
b=Sz92Rtwz7/YZ6HlTU2Xs/FR2epwvEOyr5Uc5lFiCtl0qq1HWNhaCkDP2+IadsBGimL
Saa9Bdw2iANi5q/e3z4OBHjpNcpep8oLSuHZBY7VXawbJkVCQ3LaoYhjbRD3b52UR2eo
zRQerc1spy99xn2uVIj/E/JAltSpEubBoDEO+TmpJ2IglsIgDnH3HWltlPEsWdae0Wci
TeeJYFQeCyS73WLXzc+1863tHC/mavtmCx9FtiCDEIltN1pTGcXKkXMAQi4A2uOTrRB6
0zIdc6FySsbYooWDeLm55tLvE4B/+8NeiGtT/BK8leajhog/kdRlU4+0Q4qtNwLsGBg6
AmaA==;
dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
spf=pass (google.com: domain of anonymous@[REDACTED_SERVER_HOST] designates [REDACTED_SERVER_IP] as permitted sender) smtp.mailfrom=anonymous@[REDACTED_SERVER_HOST];
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=[REDACTED_SERVER_HOST]
Return-Path: <anonymous@[REDACTED_SERVER_HOST]>
Received: from [REDACTED_SERVER_HOST] ([REDACTED_SERVER_REVERSE_NAME]. [[REDACTED_SERVER_IP]])
by mx.google.com with SMTP id 2adb3069b0e04-55cc65c0f95si235275e87.304.2025.08.08.14.57.56
for <[REDACTED_EMAIL]>;
Fri, 08 Aug 2025 14:57:56 -0700 (PDT)
Received-SPF: pass (google.com: domain of anonymous@[REDACTED_SERVER_HOST] designates [REDACTED_SERVER_IP] as permitted sender) client-ip=[REDACTED_SERVER_IP];
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of anonymous@[REDACTED_SERVER_HOST] designates [REDACTED_SERVER_IP] as permitted sender) smtp.mailfrom=anonymous@[REDACTED_SERVER_HOST];
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=[REDACTED_SERVER_HOST]
Received: (qmail 96 invoked by uid 33); 8 Aug 2025 21:57:55 -0000
To: [REDACTED_EMAIL]
Subject: Health Check – Test Message from https://[REDACTED_SERVER_HOST]
Date: Fri, 8 Aug 2025 21:57:55 +0000
From: WordPress <wordpress@[REDACTED_SERVER_HOST]>
Message-ID: <6rSEjwB8LmkIRn3qgCNhv5Z4dEAUfTeyg2N5aHxA@[REDACTED_SERVER_HOST]>
X-Mailer: PHPMailer 6.9.3 (https://github.com/PHPMailer/PHPMailer)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Hi! This test message was sent by the Health Check plugin from WP Testing (https://[REDACTED_SERVER_HOST]) on August 8, 2025 at 9:57 pm. Since you’re reading this, it obviously works.
Additional message from admin: This is a test with qmail
Here we can see that despite the From: local is wordpress and the sender envelop is anonymous as I was commenting in my previous message, both SPF and DMARC are passing. I have not added DKIM to the testing qmail server (because this is not the most modern technology and I have wasted a ton of hours trying to containerize a qmail local server with WP that integrates well with shell and is not a relay).
@knutsp it seems that webhuset.no has a configuration trouble. It seems that the curren't qmail (I'm using notqmail 1.09 for this test because qmail 1.03 was too much of a hassle and required a million patches to make it work). I'm wondering which version of qmail they are using in webhuset.no
Also noticing that for the two first tests, with Postfix and qmail, there is no problems either with the Sender auto enabled by default.
For the final test I'm going with sendmail directly, no more wrappers. This is the final acid test to check if the crashes they were commenting in [38286] are still valid in 2025.
Update, version with DKIM, FWIW (without Sender auto)
Delivered-To: [REDACTED_EMAIL]
Received: by 2002:a05:6359:6c93:b0:1ff:db44:3f60 with SMTP id td19csp1960109rwb;
Sat, 9 Aug 2025 04:32:35 -0700 (PDT)
X-Google-Smtp-Source: AGHT+IGoiLIzawUCXBP5vKvsYxChtpqyjv8vb8DJDIZjMPBXOVkksWehRhIxWS9cUMbjVBb28mN3
X-Received: by 2002:a05:6512:2207:b0:553:2868:6355 with SMTP id 2adb3069b0e04-55cc008641emr2262974e87.18.1754739155522;
Sat, 09 Aug 2025 04:32:35 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1754739155; cv=none;
d=google.com; s=arc-20240605;
b=VUxK+UhM2Phx51Ig6SzIiS9323zSz//3CIPu2LWWvI4DenN1DRWkmy4MhZjpwATcGJ
BXnTb8+x5vCZS6MIlQ1kpf/r+Cn2ApDSMFY91qvg+E2LaaSX5fGDtvGXtDw9frrI1ijI
MRX/qEfUJWN31tpeyzZYVFji2u398xfYySvhJvV2YYGSUmGNzATr3JnFkkCX98Tx5/GG
131l/OhGrTOV3cQMITnLdN8sT9Ek1ZlAj5xM399tWP82fkohMUd5NDIQCQbaTQG+tlOM
1CN5LSLZ0KBF4ZIMyk5+ymYvj2fq92vjPWDTBmO180jlsXV7Qxi2648OMo0a1DjNYTrm
Jd1Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;
h=content-transfer-encoding:mime-version:message-id:from:date:subject
:to:dkim-signature;
bh=OPy7LyzOMbOZpOhod6309RaN9YI34Gg6pYR9DDB6PIc=;
fh=LnWiZB+0qsThBew1oCwmWb63UJ40SUAv5hSa6DrXbks=;
b=WsDIM/aZ265uycWyQHjkqGZQzq2y0hieie60kvsYP4UiEkB/guVNZLwCCqrc6AMiXc
n7I2FqUXsVC4eCJuRZPYKy+81ViTa3mZCLnok0LTLk72Mk8o0faR6YzonysJmd5AV23z
PeFqkSUkKa4xDrvN3nYmzZQaDvKW0okYeWx3Q4vpZ/tZk+4igH0I76Bs0WfjXb8Dqk1J
pnNSVqB0YAJKhr/pmhdGYTfYSPn08K4Wbg8hIfwWKkL8HmOmT5N97jnB2Uc2DX8RTX9B
FgvI36wQZV4oXelaykhkZTbViwXNcLkN4sYavp88CoO96xzN7Isk9wlVqHtR2NlZVBaO
DnPQ==;
dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@[REDACTED_SERVER_HOSTNAME] header.s=mail header.b=s8YL2Whg;
spf=pass (google.com: domain of anonymous@[REDACTED_SERVER_HOSTNAME] designates [REDACTED_SERVER_IP] as permitted sender) smtp.mailfrom=anonymous@[REDACTED_SERVER_HOSTNAME];
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=[REDACTED_SERVER_HOSTNAME]
Return-Path: <anonymous@[REDACTED_SERVER_HOSTNAME]>
Received: from [REDACTED_SERVER_HOSTNAME] ([REDACTED_SERVER_REVERSEHOST]. [[REDACTED_SERVER_IP]])
by mx.google.com with SMTP id 2adb3069b0e04-55b8897ed05si6288100e87.256.2025.08.09.04.32.34
for <[REDACTED_EMAIL]>;
Sat, 09 Aug 2025 04:32:35 -0700 (PDT)
Received-SPF: pass (google.com: domain of anonymous@[REDACTED_SERVER_HOSTNAME] designates [REDACTED_SERVER_IP] as permitted sender) client-ip=[REDACTED_SERVER_IP];
Authentication-Results: mx.google.com;
dkim=pass header.i=@[REDACTED_SERVER_HOSTNAME] header.s=mail header.b=s8YL2Whg;
spf=pass (google.com: domain of anonymous@[REDACTED_SERVER_HOSTNAME] designates [REDACTED_SERVER_IP] as permitted sender) smtp.mailfrom=anonymous@[REDACTED_SERVER_HOSTNAME];
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=[REDACTED_SERVER_HOSTNAME]
Received: (qmail 120 invoked by uid 33); 9 Aug 2025 11:32:34 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=[REDACTED_SERVER_HOSTNAME]; h=to:subject:date:from:message-id:mime-version:content-type:content-transfer-encoding; s=mail; bh=OPy7LyzOMbOZpOhod6309RaN9YI34Gg6pYR9DDB6PIc=; b=s8YL2WhgBq8BxoQS1HqWh5t1S4GUP1m+MwQ1l0+YZJC2v6G93iBIHSP6tmLFVVCr/JhvM8e+3uIjUmS13XbO7TyGj3eWJtUb655hXH7xdHoOQpkEi7h5m0Ywltz0NfcXebN4SH4u5O/xV9rpC8YInynb2ePEKUI+XbUKl2ElDEA=
To: [REDACTED_EMAIL]
Subject: Health Check – Test Message from https://[REDACTED_SERVER_HOSTNAME]
Date: Sat, 9 Aug 2025 11:32:34 +0000
From: WordPress <wordpress@[REDACTED_SERVER_HOSTNAME]>
Message-ID: <u3fYy7i4c00v5ZovrlontDDRCg66293VaEQF98gmOk@[REDACTED_SERVER_HOSTNAME]>
X-Mailer: PHPMailer 6.9.3 (https://github.com/PHPMailer/PHPMailer)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Hi! This test message was sent by the Health Check plugin from WP Testing (https://[REDACTED_SERVER_HOSTNAME]) on August 9, 2025 at 11:32 am. Since you’re reading this, it obviously works.
Additional message from admin: DKIM with Qmail
Completely identical results to Postfix, with the particular thing that Postfix takes the username for the running webhost (www-data) while Qmail just fixes it to anonymous for the local part.
In both cases I'm using direct SMTP, not QMQP or QMTP.
#23
follow-up:
↓ 24
@
6 months ago
One possible pitfall here is that it appears it is a common (mis)configuration to have sendmail_path in php.ini configured with an -f option. If you do that, and then you specify a sender with PHPMailer (or if you just call PHP's mail() function directly while specifying an -f option), you end up providing the -f option to sendmail twice, which apparently causes sendmail to fail completely.
This is mentioned in the PHPMailer wiki (see the part which mentions More than one "from" person):
https://github.com/PHPMailer/PHPMailer/wiki/Troubleshooting#could-not-instantiate-mail-function
See also the original bug report:
#24
in reply to:
↑ 23
;
follow-up:
↓ 27
@
6 months ago
- Keywords has-test-info has-patch added; needs-testing removed
Replying to siliconforks:
One possible pitfall here is that it appears it is a common (mis)configuration to have
sendmail_pathinphp.iniconfigured with an-foption. If you do that, and then you specify a sender with PHPMailer (or if you just call PHP'smail()function directly while specifying an-foption), you end up providing the-foption tosendmailtwice, which apparently causessendmailto fail completely.
Nowadays this is impossible because it will manually add to the -f whatever data is in sendmail_from and overwrite any other alternative (like the From: coming from the setFrom method auto param). So the sendmail_from always takes precedence.
This is mentioned in the PHPMailer wiki (see the part which mentions
More than one "from" person):
https://github.com/PHPMailer/PHPMailer/wiki/Troubleshooting#could-not-instantiate-mail-function
See also the original bug report:
Yes, that could be the issue that was causing trouble back in the day. This was reported though in 2019, and the issue poped into Trac in 2016.
But this was sorted in 2021 and there are no references to any issues (later was refined)
https://github.com/PHPMailer/PHPMailer/commit/f9f5b8d21ed2b79fe2e660f2c0ae9c676e30210c
The main problem with an MTA like qmail (and postfix) is the support of the QMQP federated system which ultimately can provoke that the sending envelope/return-path (if not specified) ends being one of the servers of the federation from where the email was sent from (plus the local part, which generally, by default if unset in qmail is anonymous). In the example brought by @knutsp we can clearly see this problem which is extremely difficult to reproduce locally because building a federation is not simple.
On the other side, the problem referenced in [38286] was already sorted and so far I've been unable to reproduce it under multiple circumstances.
At this point after all the testing (I may add some future proofs but I think that there is enough info already), and given that the previous patch was provided with minimal testing feedback it must be reverted and ideally before 6.9 (because in the remote unlikely case there is a regression) it will be the shortest span between 6.9 and 6.9.1 to gather more information and find a better fix than just this weird obfuscation.
This ticket was mentioned in PR #9412 on WordPress/wordpress-develop by @SirLouen.
6 months ago
#25
Testing has already been done.
This is the final reviewed patch.
Trac ticket: https://core.trac.wordpress.org/ticket/49687
#26
@
6 months ago
Test 3: Using Sendmail for the MTA
Finally testing with Sendmail. The result is pretty much identical to Postfix. Using 8.17.1.9 Sendmail version for this.
Delivered-To: [REDACTED_EMAIL]
Received: by 2002:a05:6359:6c93:b0:1ff:db44:3f60 with SMTP id td19csp1994279rwb;
Sat, 9 Aug 2025 06:00:07 -0700 (PDT)
X-Google-Smtp-Source: AGHT+IG+g19vr02rDrf1exz6Jm9Yztx63BveRIbzYE9bROJGm0mDIyR8Tnv1y/vTObrepTUe7n3z
X-Received: by 2002:a2e:be8f:0:b0:333:951f:6dd7 with SMTP id 38308e7fff4ca-333a2539a32mr19444011fa.3.1754744406990;
Sat, 09 Aug 2025 06:00:06 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1754744406; cv=none;
d=google.com; s=arc-20240605;
b=CUL1EwzHpWo2N+6C9njiNVv0jVeeMdaeItV0t/zvX/5FEhlZYuuxq5UHhT6t735wr6
ncXk2c13tVaR6nmdKFT3f2At7Gi5PbflS/fOOLSwal0RFsmMwXzz4+ZI2EaNB0quOksW
cH20lQtta5lnnyy/+ZLrBlht0S5ij7Bp09EH5r8C0XKZUBKAd3Gfz9Hd1dYItxxifN6I
AwmuAlxsxGt/6RUjEoRQpHxUngFhm+rBtZI3DvBY04v959mSqAyGweTCybYh76tYbdBR
GH/B/Rq9ZG4+zBIGHdPIjDLLFqcpzXKGBwVMSotxxkT3mDyQ8luwMSk5CDyOUBNT0y61
p8Wg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;
h=content-transfer-encoding:mime-version:message-id:from:date:subject
:to:dkim-signature;
bh=3qe+NqPQqN3D9HhWZn1o0Cm3dcfT06KA+t3Ct6Z0s2I=;
fh=LnWiZB+0qsThBew1oCwmWb63UJ40SUAv5hSa6DrXbks=;
b=XpVculoCygGx2nc9LmFruxnFIRVwSHtdyAUIGnGJGgTP1nz8KhckcjVgjzt/1xNXRA
W/+AlYFfWnD45zuaCBchEGUMm/hH0f3wlt2gTsd5Cczd2XhmL3pek6AVo3SPalCF6xAf
3AnpAAfbgVfNlGgDwiE3Cv5Fl7PW27AcznfWdaRSHdWOinZ9fiZbnXMEjLs1RkgmcvMF
sgOsaM5CO/JonPaH3SN1YPT07OjIWcYkPexOQ9DSmhYqF5i4j2FX7k63IidnwpmaQ1dI
5BI++75wj3GTLAKYdHW829rVwhPfTxy0VXTw963ZC2oSgjbUR5+ooi1iRShn6otKB/2E
vmQw==;
dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@[REDACTED_SERVER_HOST] header.s=mail header.b=Apx1kRGL;
spf=pass (google.com: domain of www-data@[REDACTED_SERVER_HOST] designates [REDACTED_SERVER_IP] as permitted sender) smtp.mailfrom=www-data@[REDACTED_SERVER_HOST];
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=[REDACTED_SERVER_HOST]
Return-Path: <www-data@[REDACTED_SERVER_HOST]>
Received: from [REDACTED_SERVER_HOST] ([REDACTED_SERVER_REVERSEHOST]. [[REDACTED_SERVER_IP]])
by mx.google.com with ESMTPS id 38308e7fff4ca-333b35f4c4dsi4818721fa.595.2025.08.09.06.00.06
for <[REDACTED_EMAIL]>
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Sat, 09 Aug 2025 06:00:06 -0700 (PDT)
Received-SPF: pass (google.com: domain of www-data@[REDACTED_SERVER_HOST] designates [REDACTED_SERVER_IP] as permitted sender) client-ip=[REDACTED_SERVER_IP];
Authentication-Results: mx.google.com;
dkim=pass header.i=@[REDACTED_SERVER_HOST] header.s=mail header.b=Apx1kRGL;
spf=pass (google.com: domain of www-data@[REDACTED_SERVER_HOST] designates [REDACTED_SERVER_IP] as permitted sender) smtp.mailfrom=www-data@[REDACTED_SERVER_HOST];
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=[REDACTED_SERVER_HOST]
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=[REDACTED_SERVER_HOST]; s=mail; t=1754744406; bh=3qe+NqPQqN3D9HhWZn1o0Cm3dcfT06KA+t3Ct6Z0s2I=; h=To:Subject:Date:From:From; b=Apx1kRGLpHcunom0zjI8YVl4VOa/eMjuq25ObykSAtfBaiAlBe9gX7qy85KM4ECB4
GQChvrTqMeZCpz8SWU0UNdrENljWK5LIQgn4LNXOok/mTYOt2WwV1UuXOi/Le4bhKe
URl8OcOOxRMHkK5Cygsb94SblQTk3JxLPtRRes3k=
Received: by [REDACTED_SERVER_HOST] (Postfix, from userid 33) id 5CA464169C; Sat,
9 Aug 2025 13:00:06 +0000 (UTC)
To: [REDACTED_EMAIL]
Subject: Health Check – Test Message from https://[REDACTED_SERVER_HOST]
Date: Sat, 9 Aug 2025 13:00:06 +0000
From: WordPress <wordpress@[REDACTED_SERVER_HOST]>
Message-ID: <ibPWKa3qJoHj4YjalE0mgtfeIJPR1eGmSGimdllWsEA@[REDACTED_SERVER_HOST]>
X-Mailer: PHPMailer 6.9.3 (https://github.com/PHPMailer/PHPMailer)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Hi! This test message was sent by the Health Check plugin from WP Testing (https://[REDACTED_SERVER_HOST]) on August 9, 2025 at 1:00 pm. Since you’re reading this, it obviously works.
Additional message from admin: Test with Sendmail
Extra: I also tested with Exim 4.96 and the result was again , identical to Postfix and Sendmail.
Final results:
| MTA | Auto false (current) | Auto Default (patch) |
|---|---|---|
| Postfix | ✅ | ✅ |
| Qmail | ✅ | ✅ |
| Qmail (with QMQP) | ❌ | ✅ |
| Sendmail | ✅ | ✅ |
| Exim | ✅ | ✅ |
#27
in reply to:
↑ 24
@
6 months ago
Replying to SirLouen:
But this was sorted in 2021 and there are no references to any issues (later was refined)
https://github.com/PHPMailer/PHPMailer/commit/f9f5b8d21ed2b79fe2e660f2c0ae9c676e30210c
I confess I'm not sure I understand what that commit is doing, but I don't think that's related to the issue I'm talking about? I think the issue with multiple -f options still exists.
These are the steps I'm doing for testing:
- Install WordPress with PR #9412
- Create a file
fakesendmail.shwith the following code:
#! /bin/sh dir=$(dirname $0) log="$dir/fakesendmail.log" echo "$0" >> "$log" for i in "$@" do echo " $i" >> "$log" done
- Edit your
php.inifile and changesendmail_pathto point to thefakesendmail.shscript and add an-foption:
sendmail_path = /srv/fakesendmail/fakesendmail.sh -fphp.ini@example.test
- Send an email using WordPress (e.g., using the forgot password functionality). You should find the following in your
fakesendmail.logfile:
/srv/fakesendmail/fakesendmail.sh -fphp.ini@example.test -fwordpress@example.test
You can see that WordPress is executing the command with two -f options.
My concern is that maybe this is what was happening in #37736 and we might just see a repeat of the same thing all over again?
(Or possibly #37736 was something else. The reports are so vague - "some hosts do not allow the use of this flag", "fail on some server environments", etc. - that it's hard to tell what was actually the problem.)
#28
follow-up:
↓ 29
@
6 months ago
Now that I'm reviewing the docs I think I see now a problem:
This directive works also under Windows. If set, smtp, smtp_port and sendmail_from are ignored and the specified command is executed.
sendmail_from is ignored if sendmail_path is configured.
But PHPMailer is actually adding a sender, and transitively PHP is also adding it.
With sendmail_from you make sure that the -f is set in PHPMailer, but then you are adding again in the sendmail_path with the -f
Let me test with a simple script to see what's exactly going on, because this makes no sense.
Which "From:" mail address should be used in mail sent directly via SMTP (Windows only). This directive also sets the "Return-Path:" header.
The sendmail_from was meant for Windows system exclusively. But PHPMailer, because this directive also sets the "Return-Path:" header, regardless of the system. And since DMARC SPF check relies on the "Return-Path", this could be relevant.
Still setting in the sendmail_path the -f is a wrong practice. The -f must be set in the additional_params of mail or via mail.force_extra_parameters. If the original revision creators had a failing system because of this, they had misconfigured their system. Although I believe that the problem was more related to the other fact (that the Sender was not correctly assigned in previous versions of PHPMailer)
#29
in reply to:
↑ 28
@
6 months ago
Replying to SirLouen:
Still setting in the
sendmail_paththe-fis a wrong practice.
To clarify: I'm not actually advocating the use of the -f option in the sendmail_path setting.
That having been said ... it does seem to be a common practice, for whatever reason. You can find examples all over the internet of people getting bitten by this:
https://mantisbt.org/forums/viewtopic.php?t=24647
https://github.com/magento/magento2/issues/20033#issuecomment-532289611
https://bugs.php.net/bug.php?id=53984
https://github.com/bcit-ci/CodeIgniter/issues/4343
https://forum.joomla.org/viewtopic.php?f=622&t=727375
https://www.vmayo.com/docs/fixed-phpmailer-smtp-error-could-not-connect-to-smtp-host-2/#11-toc-title
... and so on ...
#30
@
6 months ago
The good thing here at least is that PHPMailer warns about the fact that you are completely screwing it and explains how you are screwing it (if they did some logging in #37736 and got this message we could have a reference).
When you check the docs in PHPMailer, you can quickly see that the main maintainer is completely against using mail, and advocates for using a direct connection via SMTP. Theoretically, switching should be painless, according to him, but I'm not that sure. In practice, even if you are using a relayed configuration, you should have configured this in your localhost server, which should be listening to your localhost demands. So I can't quickly think of what could be the problem of switching to isSMTP (and all troubles like this would disappear instantly), but still trying to think of all the scenarios where mail could break is really weird, but still I believe we should be sticking to the correct way to do things.
As you can see as an example of one of the messages you posted:
I am experiencing this bug with PHP 5.4.16 and Sendmail 8.14.7.
In php.ini I have sendmail_path defined with -f addr@…, and I called mail() with -f in the 5th parameter.
My intent is to have -f defined in case I don't with mail(), and then override it as needed in mail()
Instead I get the error: more than one "from" person
The person is doing things wrong. If they actually want to override the mail -f they should be using mail.force_extra_parameters not adding this to the sendmail_path and causing this double From:
If they simply pretend to have a -f fallback, I think that they should do something like you did: adding a "fakesendmail" script that actually checks and adds or remove things on the fly.
Edit: Now I see an scenario where using isSMPT could fail. It appears that you could specify in php.ini a host and port directly for Windows. In that case, for anyone setup, bypassing mail will break their mailing system if we switch to isSMPT which targets localhost: by default. Still, we could check for ini_get('smtp') and ini_get('smtp_port') and forward accordingly. I think that if we conclude with this ticket, I will propose this idea for a future iteration.
#31
@
5 months ago
- Milestone changed from Awaiting Review to 6.9
- Owner set to SirLouen
- Status changed from new to accepted
This ticket was mentioned in Slack in #core by welcher. View the logs.
4 months ago
This ticket was mentioned in Slack in #core by welcher. View the logs.
3 months ago
#35
follow-up:
↓ 41
@
3 months ago
@Clorith @iandunn @DrewAPicture do you have any insight to share from adding the false value to $phpmailer->setFrom() originally?
#36
@
3 months ago
After considerable help from @stankea and @websupporter we have confirmed a few things, most notably a confirmation that this patch should be appropriate.
- In
trunkthe Sender/Envelope From is being set incorrectly due to thefalseflag. It’s likely picking up an unreachable hostname from the mail server. - With the patch WordPress by default is using the domain “where the front end is accessible” and
wordpressas the user.
This is generally correct. However there might be one case where this breaks existing sites: if the site has a SPF which does not allow sending emails on behalf of this site domain, then other mail hosts might start rejecting emails from it where they may have let through the previously-configured host. Granted, this is an odd configuration and for sites where advanced mail setup has already taken place. It is likely that if someone configures SPF they will probably add the appropriate domain in the policies. Even then, if the site has a working DKIM+DMARC configuration it will likely bypass this SPF failure.
All in all it seems like this is an appropriate change, and should anything drastic come up we can always revert. I will be merging this now. Thank you everyone for your help, reporting, testing, explanations, and double-checking.
#39
@
3 months ago
Replying to dmsnell:
After this change there is a chance of mail failure for sites with SPF configured but which does not allow mail to be sent on behalf of this domain and if those sites also do not have a properly configured DKIM and DMARC setup. Those sites should review their SPF policies or the
wp_mail_fromfilter.
If I don't set an envelope sender, it becomes the user the webserver is running as (apache) and the machine name (which is never the actual domain name - e.g. xyz_web_prd_lon_01) Therefore: apache@xyz_web_prd_lon_01. I'm struggling to think of a scenario where not specifying the envelope sender would result in the desired behaviour.
#40
@
3 months ago
@jamieburchell after this change, the sender should default to wordpress@my-site.my-tld where my-site.my-tld roughly corresponds to home_url() without any www. prefix.
so if you happen to have an SPF policy which disallows sending emails on behalf of my-site.my-tld it will start rejecting with this patch, because previously it did not come from that rejected domain. the circumstances should be extremely rare.
#41
in reply to:
↑ 35
@
3 months ago
- Keywords needs-dev-note added
Replying to dmsnell:
@Clorith @iandunn @DrewAPicture do you have any insight to share from adding the
falsevalue to$phpmailer->setFrom()originally?
You can find the info in #37736 and some of the related tickets. Though, most of the issues should now by fixed by #25239.
Adding needs-dev-note so it gets further testing.
#42
@
3 months ago
Thank you @ocean90!
After reading that discussion (and embarrassed for missing it when I reviewed the old patches), I think it’s still appropriate what we did to change this argument. If nothing else, it seems like the environment in which this code runs and the servers with which it interact have changed over time, so things might be different today than it was before.
With that, we do have some clear guidelines explaining what was used to justify the changes that people can evaluate again and determine if it’s proper or not.
#44
follow-up:
↓ 45
@
7 weeks ago
There’s a report in Reddit about this failing with the following log message:
The email function could not be instantiated.
This message is not in the WordPress code, which leads me to believe it’s being returned by an upstream mail function. It’s also not found inside the PHP source code.
The report notes that reverting [61010] resolves the problem, so something about the setFrom() call must be causing a rejection somewhere that breaks things.
#45
in reply to:
↑ 44
;
follow-up:
↓ 46
@
7 weeks ago
Replying to dmsnell:
There’s a report in Reddit about this failing with the following log message:
The email function could not be instantiated.
It's conceivable that it might be the issue I mentioned above:
#46
in reply to:
↑ 45
;
follow-up:
↓ 48
@
7 weeks ago
Replying to siliconforks:
It's conceivable that it might be the issue I mentioned above:
I'm not sure why this is conflicting
<?php if (!empty($this->Sender) && static::validateAddress($this->Sender)) { if (self::isShellSafe($this->Sender)) { $params = sprintf('-f%s', $this->Sender); } $old_from = ini_get('sendmail_from'); ini_set('sendmail_from', $this->Sender); }
So, I wonder if the user is receiving the More than one "from" person error also.
If the user has the sendmail_from set in his php.ini, PHPMailer should overwrite it. But if they are forcing the -f in the sendmail_path this is a complete misconfiguration of the server (because for this purpose, there is a sendmail_from).
The reality is that the problem comes, when people have forced their sendmail binary from for whatever reason. In this case, now two From addresses will be conflicting. Anyone who could have had troubles with the missing Sender address because of this bug, shouldn't have been using the default wp_mail behaviour if they pretended to add -f enabled in their sendmail. I understand that the Mail component has been a little abandoned for years and people were resorting to whatever worked the best. But instead, they should have switched to isSendMail. By having the Sender option disabled here because of [38286], the regular isMail became too permissive and was enabling sending mails with PHP mail function wrongly (and this is not ideal according to the PHP docs).
Here there are two quick solutions:
- Ideally if you want to keep your sendmail server configuration, or you cannot modify it because its a webhost, switch to
isSendMailthis code inside a plugin orfunctions.php
<?php function use_sendmail( $phpmailer ) { $phpmailer->isSendMail(); } add_action( 'phpmailer_init', 'use_sendmail' );
- Removing the sender address from the
sendmail_pathparameter in yourphp.inifile. Check if yoursendmail_pathis adding a-f.
#47
@
7 weeks ago
Thanks everyone for looking into this user's report!
Could the next person with new information about the issues surfacing after the 6.9 release please open a new bug report ticket and reference this one?
Since this ticket is closed on a completed milestone, it should remain that way. This also means it will not show in any reports on Trac, making it difficult to find and/or keep track of.
#48
in reply to:
↑ 46
@
7 weeks ago
Replying to SirLouen:
If the user has the
sendmail_fromset in hisphp.ini, PHPMailer should overwrite it. But if they are forcing the-fin thesendmail_paththis is a complete misconfiguration of the server (because for this purpose, there is asendmail_from).
sendmail_from is a Windows only configuration option. Hence the need to add -f to the sendmail path in Linux:
sendmail_from string
Which "From:" mail address should be used in mail sent directly via SMTP (Windows only). This directive also sets the "Return-Path:" header.
https://www.php.net/manual/en/mail.configuration.php#ini.sendmail-from
#49
follow-up:
↓ 50
@
7 weeks ago
If anyone is running WordPress 6.9 and wants to revert to exactly the way it behaved in WordPress 6.8, I believe that the following code should work:
<?php add_action( 'phpmailer_init', static function ( $phpmailer ) { $phpmailer->Sender = ''; } );
#50
in reply to:
↑ 49
;
follow-up:
↓ 51
@
7 weeks ago
Replying to jamieburchell:
sendmail_fromis a Windows only configuration option. Hence the need to add-fto the sendmail path in Linux:
sendmail_from string
Which "From:" mail address should be used in mail sent directly via SMTP (Windows only). This directive also sets the "Return-Path:" header.
I have to admit that this is very poorly explained and can easily lead to confusion; this is why some people don't use it correctly.
As you can see, there are two parts:
Which "From:" mail address should be used in mail sent directly via SMTP (Windows only)This directive also sets the "Return-Path:" header.
There are some specific SMTP mailing functions for enabling Windows hosts such as SMTP and smtp_port. With sendmail_from you can set the from field for such.
But, the real utility of sendmail_from was to send the Return-Path header which MDA use to set the Sender envelope.
Yesterday my first thought was the idea provided by @siliconforks of simply removing the Sender parameter in phpmailer.
Replying to siliconforks:
If anyone is running WordPress 6.9 and wants to revert to exactly the way it behaved in WordPress 6.8, I believe that the following code should work:
<?php add_action( 'phpmailer_init', static function ( $phpmailer ) { $phpmailer->Sender = ''; } );
This may only work in the scenario that there are no two conflicting Sender addresses, but the fact that the user actually doesn't have the default route for sendmail binary configured correctly in php.ini. But this is a flawed workaround, since the server is poorly configured and we are leaving it like that. Ideally in this scenario, the server should be correctly configured, and if we want to force the -f the use isSendMail. But if the host owner is not willing to update, then this could be a good idea to try.
#51
in reply to:
↑ 50
;
follow-up:
↓ 52
@
7 weeks ago
Replying to SirLouen:
I have to admit that this is very poorly explained and can easily lead to confusion; this is why some people don't use it correctly.
Ha! No kidding. I've been using PHP since version 4 and I only just today learned this.
#52
in reply to:
↑ 51
;
follow-up:
↓ 58
@
7 weeks ago
Replying to SirLouen:
I have to admit that this is very poorly explained and can easily lead to confusion; this is why some people don't use it correctly.
Well, look what I spotted in the default www.conf of a PHP installation:
; Default Value: nothing is defined by default except the values in php.ini and ; specified at startup with the -d argument ;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
The example actually tells us do it this way?
#53
follow-up:
↓ 54
@
7 weeks ago
I just confirmed that setting this directive has no affect on the envelope sender in my Linux environment:
Does not work:
php_admin_value[sendmail_from] = nobody@example.com
Works:
php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -fnobody@example.com
#54
in reply to:
↑ 53
;
follow-up:
↓ 55
@
7 weeks ago
Replying to jamieburchell:
I just confirmed that setting this directive has no affect on the envelope sender in my Linux environment:
What email server are you using?
#55
in reply to:
↑ 54
@
7 weeks ago
Replying to SirLouen:
What email server are you using?
RHEL defaults - Postfix (with Sendmail compatibility interface)
#56
follow-up:
↓ 57
@
7 weeks ago
I should explain that my testing was with a vanilla PHP script (not WordPress) where I simply set the sendmail_from configuration directive and executed mail('me@example.com', 'TEST', 'TEST'). In this case, the sendmail_from configuration was ignored and likely why hosting environments that want to force it to something other than apache@machine_name (or similar) tack the -f parameter on to the sendmail bin path - since they cannot be sure what clients will actually be running on there.
PHPMailer has this bit of code (curiously prefixed by a comment citing old PHP workarounds):
//PHP 5.6 workaround
$sendmail_from_value = ini_get('sendmail_from');
if (empty($this->Sender) && !empty($sendmail_from_value)) {
//PHP config has a sender address we can use
$this->Sender = ini_get('sendmail_from');
}
So we can assume that this configuration directive would work if using PHPMailer.
#57
in reply to:
↑ 56
@
7 weeks ago
Replying to jamieburchell:
So we can assume that this configuration directive would work if using PHPMailer.
There is something weird here, because the absence of the Sender doesn't change that much (code-wise). I tested back in the day thoroughly with a ton of different live servers with and without the Sender address and I could not see any real changes.
https://core.trac.wordpress.org/ticket/49687?replyto=56#comment:26
I'm debugging this further, because I have a hunch that there is something problematic on the PHPMailer's side and that sendmail_from could be related (not certain though). If you say it's not changing anything at all, there is something unexpected here.
#58
in reply to:
↑ 52
@
7 weeks ago
Replying to jamieburchell:
Well, look what I spotted in the default
www.confof a PHP installation:
; Default Value: nothing is defined by default except the values in php.ini and ; specified at startup with the -d argument ;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.comThe example actually tells us do it this way?
Thanks for pointing this out. I've filed a bug report in the PHP issue tracker for this:
#59
@
7 weeks ago
I'm suspicious that despite postfix provides a wrapper for Sendmail, its doing something under the hood that changes everything
I've spinned my staging mail server to test this and I'm unable to reproduce any of these errors, by force setting sendmail_path with the -f and as @jamieburchell says, sendmail_from doesn't change anything at all.
So the users experiencing problems might be using something not postfix. I'm going to spin my other instances with Exim, Sendmail, etc... to see if I find the culprit.
Btw, a quick fix is the installation of the plugin provided at https://www.webdezign.co.uk/avoid-wordpress-emails-ending-spam-folder/, but the obvious question remains whether and why the envelope sender is on purpose NOT set.