[Mimedefang] OT: Don't let this happen to you

David F. Skoll dfs at roaringpenguin.com
Wed Feb 15 11:19:14 EST 2006

PHP's mail() function is completely broken.  It is insecure, and it is
*impossible* to make it secure unless you aggressively sanitize all your

PHP is a truly horrible language (hey, I use it every day, so I should
know...) and mail() stands out as one of the worst things about it.

I wrote a C program called "sendmail-wrapper.c" that makes it possible
to send mail safely from PHP.  It is invoked with no arguments, and reads
lines on stdin specifying envelope sender and recipient(s).  It then executes
Sendmail directly (using execve) so no shell is involved.



More information about the MIMEDefang mailing list