Smartermail with plesk, PHP Mailer, PHP mail - Configuration help needed
Question asked by Mike Ingram - August 19, 2016 at 8:14 AM
Answered
Hi. I moved to a different server with plesk and no longer wanted Plesk to control smartermail so I removed all mail options from plesk. Well of course in my brilliance I did not think about contact forms etc coming from websites that use PHP mail to send email. SO, what is the best way to configure PHP mail to work with smartermail as an MTA??
 
I want to make sure that I do not leave anything open from a security standpoint. Just need some direction on the BEST way to do this! I have Server 2012r2 and newest and latest Smartermail Enterprise.
 
THANKS in advance!

7 Replies

Reply to Thread
0
Scarab Replied
Marked As Answer
You should be able to set in your PHP.INI (or USER.INI depending on your PHP installation) the following lines:
 
[mail function]
SMTP = smartermail.yourdomain.com (whatever the FQDN of your SmarterMail server is)
smtp_port = 587
username = "panel@yourdomain.com"
password = "Pa$$w0rd"
sendmail_from = panel@yourdomain.com
;mail.force_extra_parameters =
mail.add_x_header = On
mail.log = "D:\Logs\php_mail.log"
 
Just make sure that the Username & Password you set are a valid user in your SmarterMail configuration.
 
From a security standpoint, since it is trivial for PHP Contact Forms to be compromised or for PHP scripts to be uploaded to directories with IUSR Write access (such as WordPress /content/uploads directories) what I personally do for our Web Servers is in the primary PHP.INI I set a Username/Password/SendMail_From that is on my SMTP Blocked Senders list in SmarterMail so that by default PHP Mail cannot be sent out through SmarterMail unless tenets are using SMTP Authentication in their PHP applications. For those that can't use SMTP Authentication, then in each of those tenet's wwwroot directories I have a USER.INI that has the unique Username/Password/SendMail_From for that site. That way, if one site is compromised it is easily identifiable which one it is, should be throttled/rate-limited by SmarterMail, and it doesn't affect the reputation of all other hosted domains.
0
Mike Ingram Replied
Thanks for your direction on this sir!
0
Mike Ingram Replied
In this case, would you suggest allowing smtp relay of local users to smartermail with authentication and add the credentials into the php.ini OR set up a bypass for the server IP or localhost itself since the forms are on the local server and it is a mail/website host server?

Thanks again Scarab!! Great information for making this work since I am not a fan of plesk and smartermail playing together...
0
Mike Ingram Replied
I guess you really answered the question in your post - sorry. You use authentication in the .ini, so you must be using a relay?
0
Hemen Shah Replied
Hi Scarab,
 
What incase where primary php.ini being used and no smtp details in php.ini, thus every user is forced to use smtp auth by ways of plugins/extensions for cms based platforms or coding for others.
 
if i wish to allow phpmailer scripts which default takes php.ini settings (in my case settings dont exist) but want domain specific, as you said you use user.ini (domain/user specific) how is that ?
 
Thanks
0
Hemen Shah Replied
Hi Scarab,

What incase where primary php.ini being used and no smtp details in php.ini, thus every user is forced to use smtp auth by ways of plugins/extensions for cms based platforms or coding for others.

if i wish to allow phpmailer scripts which default takes php.ini settings (in my case settings dont exist) but want domain specific, as you said you use user.ini (domain/user specific) how is that ?

Thanks
0
Steve Guluk Replied
How did you avoid the default SMTP server from getting the PHP form generated email?

I set the php.ini with the settings as noted and it's generating beautiful logs but not sending via SmarterMail. It still sends via default server SMTP.

Reply to Thread