why didn't i need a password for mail()?

eclipsevtb

😕 why didn't i need a password for mail()?

i have mail() function working perfectly with my isp email and localhost (win xp). i only changed 2 lines of the php.ini

smtp = mail.domain
sendmail_from = myemail@domain

i also put my script on a paid web host and it worked as well. obviously i didn't have access to their php.ini.

i tried phpinfo() and found that they have "smtp = localhost"... what is that mean?

here's my question. why didn't i need a password to send email? 😕

Herk

Honestly, I don't think I fully understand the problem.

If you don't have access to the php.ini and cannot change those variables, then by default it would be set to "localhost", like you said and use the local sendmail path. So, why would you need a password? I've never had to use one, unless recieving mail.

eriksmoen

because it is being called from a local file (your php script). most "users" created on or by the system are able to use the mail function, along with others. much like your login, the php uses its own "login" and therefore has access to the mail() function. Hopefully that answers it.

justsomeone

Mail uses a very old protocol from the early days, before security was a major deal. Mailservers were generally happy to forward on mail from anyone to anyone. Rather than being seen as a security issue, this was seen as a way of adding redundancy onto the syste, If your usual mailserver was in a bad state, you could just hitch a lift on another one.

You just contacted any mail server and asked it something like "Hey, can you send on a mail for me. From John@catsarebetterthandogs.com to Mary@nowaydogsrule.com, and the message is "Yay cats!".

Of course things have tightened up somewhat now, but mst mailservers are still configured to allow anyone on their domain to send mail through them. So when you try to send mail from a PHP script, it is the user which is running the PHP script (nobody, apache, or someone like that) who is actually contacting the mail server on yur behalf, and they have the right to send mail. This is up to your sysadmin though, and could change.