MAIL FROM address on PHP form submission

Hi team, Im using hestiacp for past ~5 years. Everything work great.

  • Latest Hestia v.1.5.4
  • Ubuntu 20x
  • Just installed fresh hestiacp

I just installed a new server with fresh hestia installation. Seems the latest PHPMAILER function (OR) may EXIM configs not like previous versions.

If i send PHP form submission with from email headers defined, the recieved email shows always from web hosting account’s admin email. Not followint the defined from email inside my php send file. This is the same file im using on the old server, it follows the defined FROM address but not this new server.

How to replicate:

  • Use any php form submission with below
  • $header .= “From: [email protected]”; // I auto forwarded this mail to my personal GMAIL
  • Check your GMail - it shows the from address as
    [email protected]’ instead ’ [email protected]’ defined in this php form headers.
  • The same domain with same form works as expected but not this new server

Am I missing missing something plz…?

A lot of missing informations: OS, Codename, Exim Version, sample header of a sent mail…

Hi, kindly find the attached image.

As i already mentioned…
Hestia version is latest 1.5.4
OS : Ubuntu 20.04
EXIM : version 4.93 #3 built 28-Apr-2021

thank you

It is caused by:

I would suggest using phpmailer instead of the default mail function.

Ok noted. Thank you. :wink:

See my answer about Exim rewriting

:grinning: :smiley:
The root cause already explained well by @eris .

Sorry… How it can be considered as spoofing if i send email from inside the real domain with real user account in the same domain ?

The root cause already explained well by @eris .

It’s ok just trying to help. If you’re not using HestiaCP as your mail server E.g: Office365 or Exchange. It will be Spoofing… You can add HestiaCP ip to SPF Record but it’s not recommended for your organization security.

Thank you @schiwe

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.