Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

OSC 2.3.4 bs and SMTP email


brian_cee

Recommended Posts

Site rebuild/upgrade from 2.2 to 2.3.4 almost done.....everything looking good until I make entire site SSL.....then emails don't work. Most of the threads I Google up are years old and refer to older versions of OSC......With Bootstrap, is it still the way to go to install PHPMailer so that OSC can send SMTP mail over SSL? When I try to send mail from the site, the bounces have that error about:  SMTP error from remote mail server after end of data:     550 Messages should have one or no To headers, not 2. Because the return path and "To" don't match.....

And when I run a test of my mail servers with MXtoolbox.com, it says the SMTP server is disconnected, as well as other SMTP-related warnings...

Seems like SSL jacked everything up, mail-wise........I tried to find SMTP-related addons that folks mentioned they were working on years ago, and came up empty.......If anyone cares to point me in the right direction for 2.3.4BS, I say thanks in advance.....

Link to comment
Share on other sites

7 hours ago, Dan Cole said:

Is it a return path issue?

Dan

I think it might be several issues, but the return and the To don't match in the headers of the bounces. I also have not installed PHPMailer....So I don't know if installing that would fix all the issues or if I need to install that to start, and still have return path issues besides that.....So instead of just stabbing around at crap I don't understand, I thought I'd throw out a lifeline. I was kind of hoping the answer would be, "Just install PHPMailer and it fixes all that crap," or something. I know it's not that simple, but when I'm this lost I throw myself at the mercy of the forums....

Link to comment
Share on other sites

To clarify, in that thread you linked to, you added other changes besides the ones mentioned by wdepot's addon/fix...You said:

The contribution referenced here solves the problem when calling the tep_mail function but not when you create a new instance of the email class as one of my favorite contributions does. The email header seems to be set when the instance is created so I made the following change...

// $mimemessage = new email(array('X-Mailer: osCommerce System Mailer'));

$mimemessage = new email(array('X-Mailer: osCommerce System Mailer','Return-Path: <' . STORE_OWNER_EMAIL_ADDRESS . '>'));

 

So, did you add those lines in addition to the lines he mentioned, or instead of, or something else?

And, do I still need to install PHPMailer in order to send SMTP mails from OSC? On my old OSC 2.2 site, I never sent any mail from the server, I did everything from hotmail/gmail, so I am learning the mail functions from scratch, so I think I don't understand it even a little, so what may seem too obvious for you to mention might shine a light on my whole problem.......

 

Link to comment
Share on other sites

It has been awhile but I think I added that line in addition to wdepot's fix....if you google for it there is another thread on the Return Path issue that might be a little more helpful.   As I recall I'm just using the standard osC mail function with those return path changes.  My email transport method is just set to sendmail.

Dan

Link to comment
Share on other sites

Now I think I know why people use PHPMailer and SMTP, I see that if you want to not let your site's IP address be seen in headers of emails sent to customers (or hackers posing as customers) you need to use a different mail server than what your site is hosted on.

Kind of pointless to use Cloudflare to hide your host and IP if you are going to mail that info to anybody that wants to know.

Does anyone know if that's the only way to not pass your host and IP along in mail headers?

 

Link to comment
Share on other sites

47 minutes ago, brian_cee said:

Does anyone know if that's the only way to not pass your host and IP along in mail headers?

Have you been down this road?

 

Link to comment
Share on other sites

1 minute ago, Dan Cole said:

Have you been down this road?

 

I have seen that, but I don't have a problem with the renamed admin showing up in mail headers, but I don't need attackers knowing my host and IP address, so I didn't go too far down that road........

Link to comment
Share on other sites

Huh?  Don't you need to include your IP etc in your headers to reach the recipients inbox these days?  I'm probably wrong but won't messing with that just get you in their spam box or worst yet, just trashed by the recipients host?

Dan

Link to comment
Share on other sites

43 minutes ago, Dan Cole said:

Huh?  Don't you need to include your IP etc in your headers to reach the recipients inbox these days?  I'm probably wrong but won't messing with that just get you in their spam box or worst yet, just trashed by the recipients host?

Dan

I don't know anything about anything, but I bug people who do by asking them enough questions to start thinking I might have a clue. And I think the main reason folks use Cloudflare is to mask their IP, so it can't get attacked. But to send mail, I think you have to have a third party SMTP mail server, so they can attack that, but not your site itself, just the mail server.

Link to comment
Share on other sites

I know nothing about nothing too and the minute I think I do, I realize I don't, but I think you've making this way to tough.  It would never have occurred to me to worried about that.   You can get a sites IP by just typing in the website address at places like http://get-site-ip.com/ so I'm not sure hackers are going to go the trouble of joining your email list or whatever to hunt down your IP. 

Dan 

Link to comment
Share on other sites

7 hours ago, Dan Cole said:

I know nothing about nothing too and the minute I think I do, I realize I don't, but I think you've making this way to tough.  It would never have occurred to me to worried about that.   You can get a sites IP by just typing in the website address at places like http://get-site-ip.com/ so I'm not sure hackers are going to go the trouble of joining your email list or whatever to hunt down your IP. 

Dan 

If one has properly configured their Cloudflare settings, http://get-site-ip.com/  will only return a Cloudflare IP, not the domain name that you typed in. That's the whole purpose of Cloudflare for most folks that use it, and that's the main complaint certain types have about CF, that they protect unpopular websites that people would like to attack, but can't, because they don't know, and can't find out, the domain's IP address.

Link to comment
Share on other sites

That's interesting....thanks for taking the time to explain.  Now I know something.  :biggrin:

I'm surprised they don't also offer some type of service to deal with the email issue you described ie offering up a Cloudflare IP but perhaps the nature of what they are doing prevents them from doing that. 

Good luck getting it figured out.

Dan   

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...