This code is from manual lemos's collection. I changed it to add print statements, some comments, and code to test it.
Basically, it verifies the mail exchange (domain) exists, then it connects to the mail server to verify that it is alive.
You don't really know if that user exists because the server won't tell you - unless the VRFY mode is turned on... and it's always turned off to avoid hackers.
This only works on a unix system because windows has no getmxrr function.
<?php
// ---------------------------------------------------------
function p( $string ){
echo "--> $string<br>";
return;
}
// ---------------------------------------------------------
function checkemail($email){
p($email);
list($mailbox,$domain) = split('@',$email,2);
$state = 'domain';
// find preferred mailserver
if(getmxrr($domain,$mailhosts,$pref)){
asort($pref);
foreach($pref as $preferred){
$mailserver = $mailhosts[key($pref)];
break;
}
$state = "Mail exchange found for $mailserver";
p ($state);
$state = mailconnect($mailserver,$email);
}else{
// no mail exchange found try as host
$state = "No mail exchange found using $domain";
p ($state);
// $state = mailconnect($domain,$email);
}
return $state;
}
// ---------------------------------------------------------
function mailconnect($mailserver,$email){
$myhostname = $SERVER_NAME;
$connection = fsockopen($mailserver, 25);
if($connection){
$state = "Connected to $mailserver";
p ($state);
// Nothing to do with greeting
//$smtpgreeting = fread($connection, 512);
//p ($smtpgreeting);
//if($smtpgreeting){
fputs($connection, "HELO $myhostname\r\n");
$hello = fgets($connection, 512);
if($hello){
$state = "HELO reply from $mailserver: $hello";
p ($state);
fputs($connection, "MAIL FROM: <webserver@$myhostname>\r\n");
$youok = fgets($connection, 512);
if($youok){
$state = "MAIL FROM: reply from $mailserver: $youok";
p ($state);
p($email);
fputs($connection, "RCPT TO: <$email>\r\n");
$recepient = fgets($connection, 512);
$state = "RCPT TO: reply from $email: $recepient";
p ($state);
if(ereg('250',$recepient)){
fputs($connection, "QUIT\r\n");
$deliverable = true;
$state = false;
}elseif(ereg('220',$recepient)){
fputs($connection, "QUIT\r\n");
$deliverable = true;
$state = false;
}else{
/* ---------------------------
Note: The receiver-SMTP MAY verify RCPT parameters as they arrive;
however, RCPT responses MUST NOT be delayed beyond a reasonable
time (see Section 5.3.2).
Therefore, a "250 OK" response to a RCPT does not necessarily imply
that the delivery address(es) are valid. Errors found after message
acceptance will be reported by mailing a notification message to an
appropriate address (see Section 5.3.3).
450 mailbox busy, try again later
452 recipient out of disk space, try again later
452 too many recipients
503 need MAIL before RCPT
550 no such recipient here
551 recipient has moved; try <aj@fires.af.mil>
553 we don't relay mail to remote addresses
What VRFY and EXPN Are
The vrfy command allows someone to telnet to your Sendmail server
and ask to verify that an address is valid. This is good in that it allows
a foreign server to check whether an address works before sending mail
to that address. There are problems, though, as we'll discuss below.
The expn command allows someone to telnet to your Sendmail server
and give the server an alias. The expn command expands the alias into
the list of actual recipients. For example, if I have a list called "all-users"
on my machine (quotes not included), someone could use "expn all-users"
to get a list of the email addresses that all-users sends to. If you use a
.forward file, expn will show someone the real forwarding destination of
mail sent to you. One can expn root to find out who reads mail sent to
the administrator of a system, for example, or to find out the members
of a mailing list.
Why EXPN and VRFY Should Be Disabled
If anyone can verify that an address is valid, spammers have a very easy
time decided who to send mail to. Worse yet, many attacks on networked
computers begin by finding a valid account name on the machine. (This is
why a UNIX machine won't tell you whether it was the login name or the
password that was mis-typed if you fail to log in.) VRFY allows an attacker
to keep trying email addresses until he or she finds one that works. This isn't
as difficult a process as it sounds, given that some patterns of login names
(first name, last name, first initial and last name, etc.) are very widespread.
The EXPN command is even more dangerous. Many computers have lists
for all, staff, users, or the like. By guessing and expanding those lists, a
spammer or attacker gets the names of several of the users of the machine.
--------------------------------- */
$deliverable = false;
$state = "RCPT? $recepient $newaddress";
p ($state);
}
}
}else{
$state = "$mailserver not accepting mail now, please try again.";
p ($state);
}
//}else{
//$state = 'mailserver not greeting me';
//break;
//}
}else{
$state = "$mailserver not listening";
p ($state);
}
return $state;
}
// ---------------------------------------------------------
// -----------------------------------
echo "<br>------<b>Good Email</b>-------<br>";
$email = "Steve@crapola.us";
checkemail( $email );
echo "---done--<br>";
//-------------------------------
echo "<br>------<b>bad domain</b>-------<br>";
$email = "steve@crapola.uxs";
checkemail( $email );
echo "---done--<br>";
// -----------------------------------
echo "<br>------<b>Good Domain, Bad email</b>-------<br>";
$email = "Stevex@crapola.us";
checkemail( $email );
echo "---done--<br>";
?>
