Possible fix when e-mails sent via phpBB are treated as spam

z.ukosa
Registered User
Posts: 21
Joined: Tue Sep 04, 2018 2:59 pm

Post by z.ukosa » Tue Nov 20, 2018 4:06 pm

Hi All, I’m a fairly new user of phpBB and I want to share something possibly useful to beginners, as I couldn’t find it in the support forums.

E-mails sent by phpBB were often treated as spam (tested with registration and password reset e-mails). These e-mails were sent using the native, PHP-based email service. In other words, the option “use SMTP server for email” was set to “no” in ACP, as it is by default.

“Contact e-mail address” and “from e-mail address” were both set to be “forum@mydomain.com” so I thought I was all good.

I used https://www.mail-tester.com to see what’s going on, and the reason for my e-mail being considered as spam was as follows: “We didn't find a mail server (MX Record) behind your domain name”. Additionally, there was a bounce address pointing to my host company server, not to my domain. My e-mail got only 5.6 out of 10 points.

Precise explanation of what was going on is beyond my skills, but as I understand it, the e-mail appeared to be sent by the hosting company server, not by “mydomain.com”. Mydomain.com has a proper MX Record, but the e-mails sent by phpBB could not make use of it.

The solution suggested by my hosting company (Fastcomet) was to use the SMTP and it worked perfectly! Mail-tester.com gives 10/10 points to the same e-mail sent by phpBB using SMTP server.

To sum it up: if you’re having issues with phpBB e-mails treated as spam, try using SMTP server for e-mails, even if you’re not using any external e-mail service.

Note also that the phpBB documentation reads: (in “SMTP Settings”) “If you are not sure that you have an SMTP server available for use, set this to No; this will make your board use the native, PHP-based email service, which in most cases is the safest available option.”

I don’t know about the security implications of my choice, I use SSL for SMTP.

I would be grateful if someone with more expertise could comment on what I wrote above. Does it all sound sensible? Do you think this is a good solution? Did I put my e-mail account at risk by using SMTP server? Any other implications?

Marek
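
Added example (not part of the original post): a Python check for the symptom described above, a bounce address (Return-Path) whose domain differs from the From domain. The sample message, the host names and the simplified alignment rule are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample of a message sent through PHP mail(): the bounce
# (envelope) address belongs to the hosting server. Host names are placeholders.
VIA_PHP_MAIL = """\
Return-Path: <cpaneluser@server.host.example>
Received: from server.host.example (server.host.example [192.0.2.10])
From: forum@mydomain.com
To: user@example.org
Subject: Welcome to the board

Thank you for registering.
"""
# The same message as it would look when the bounce address is the board address.
VIA_SMTP = VIA_PHP_MAIL.replace("cpaneluser@server.host.example", "forum@mydomain.com")

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def aligned(a, b):
    """Simplified relaxed alignment: same domain, or parent/child of it."""
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))

def check_sender_alignment(raw_message):
    """Compare the visible From domain with the bounce-address domain."""
    msg = message_from_string(raw_message)
    from_domain = domain_of(msg["From"])
    bounce_domain = domain_of(msg["Return-Path"])
    return {
        "from_domain": from_domain,
        "bounce_domain": bounce_domain,
        "aligned": aligned(from_domain, bounce_domain),
    }

if __name__ == "__main__":
    for name, raw in (("mail()", VIA_PHP_MAIL), ("SMTP", VIA_SMTP)):
        print(name, check_sender_alignment(raw))
```

Running it against the raw source of a real test message (the "show original" view in most mail clients) shows which of the two cases a board is in.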

Lumpy Burgertushie
Registered User
Posts: 66320
Joined: Mon May 02, 2005 3:11 am

Re: Possible fix when e-mails sent via phpBB are treated as spam

Post by Lumpy Burgertushie » Tue Nov 20, 2018 7:41 pm

that system has been the standard way since phpbb has been around. it provides two different methods. in most cases with most host companies, the native php works just fine and using an email address like you@yourdomain.com is what works the best.

your host seems to have a little different settings than most. since the beginning of phpbb the option to use smtp instead of the native php mail was suggested if the native php did not work.

so, you just discovered which way works for you with your host setup etc.

good work.

phpbb does not send email, it only gives you two different options of how to use whatever email service your host provides for you.

secure or not does not matter to phpbb only what the host requires or what you want to use.

robert
I'm baaaaaccckkkk. still doing work on donation basis. PM your needs.

If a tree falls in the forest and nobody is there, does it make a sound?

EA117
Registered User
Posts: 631
Joined: Wed Aug 15, 2018 3:23 am

Re: Possible fix when e-mails sent via phpBB are treated as spam

Post by EA117 » Wed Nov 21, 2018 9:16 am

z.ukosa wrote (Tue Nov 20, 2018 4:06 pm):
"The solution suggested by my hosting company (Fastcomet) was to use the SMTP and it worked perfectly!"

There are essentially three different ways in which sending mail from phpBB could be configured:

  1. "Use SMTP server for email" set to "No", which means phpBB will invoke the PHP mail() function. Which in turn, your hosting provider has configured the PHP mail() function to invoke a local application (typically "sendmail") to take the message information supplied (to address, subject, message, requested headers) and create the actual SMTP-format message using this information.

    The default "From:" to be used in this configuration is also configured by the hosting provider, although phpBB offers the "Force from email address" setting. If enabled, this option will attempt to invoke the "sendmail" command line option "-f address" to request that your board's "from" email address be used instead, if that's different than what your host was already defaulting to.

    The "sendmail" application (or whatever the hosting provider is using) then connects to an SMTP server of the hosting provider's choosing, which is typically an SMTP server owned by the hosting provider. Which is an SMTP server they control and use to implement spam filtering and other abuse protections for customers who are attempting to send email using the hosting provider's servers.

  2. "Use SMTP server for email" set to "Yes", but "SMTP server address and protocol" is set to "localhost". In this configuration, phpBB is constructing all of the SMTP message headers and content itself. And is connecting to the SMTP server itself, and handling both the commands and errors returned by the SMTP server itself. There is no PHP mail() or sendmail layer handling any of these, and it's all directly performed by phpBB code.

    But, because the SMTP server specified to connect to is "localhost", phpBB is ultimately providing this SMTP message to the mail handler running on the server where phpBB is running. Which is an SMTP server/forwarder controlled by the hosting provider, and would ultimately go through the same hosting provider-controlled spam filters and outbound mail abuse protections.

  3. "Use SMTP server for email" set to "Yes", but "SMTP server address and protocol" is set to an external SMTP server. In this configuration, now phpBB is sending the SMTP message it constructed to some "outside" SMTP server, which you are authorized to use and authenticate to using the other SMTP-related settings in "SMTP settings" (port, username, password, etc.).

    In this case the email being sent will be subject to the spam filters and abuse protections according to the policies of whoever runs the external SMTP server you're connecting to. The hosting provider for your phpBB server doesn't control any part of the mail sending process at that point, except to the extent that they might simply block outbound IP connections to any SMTP server (e.g. port 465, port 25).

So the question in your case, where "my hosting company said to use the SMTP, and it worked!", is "to which SMTP server?"

If they suggested you use some external SMTP server, which would require authentication information in the phpBB "SMTP settings", then indeed you could now be bypassing the hosting provider's own filtering and abuse protections entirely, which were restricting the email from being sent.

If they suggested you enable SMTP but simply use "localhost", then the implication there is that the phpBB SMTP message creation code is going to be different and better in some way, instead of whatever the hosting provider had configured to happen with PHP mail(). The created SMTP message is still being dropped into an SMTP server that is under the hosting provider's control either way. It feels a little like "there is an issue we could solve in the SMTP message generated by our sendmail or PHP mail() configuration, but instead we'll have you work around that problem by having phpBB generate the SMTP message instead."

z.ukosa wrote (Tue Nov 20, 2018 4:06 pm):
"Does it all sound sensible? Do you think this is a good solution? Did I put my e-mail account at risk by using SMTP server? Any other implications?"

As Robert described, there is nothing unusual about phpBB board admins finding that one or the other of the three possible configurations listed ends up being what's necessary for successfully sending email. Because that is going to vary based on how the hosting provider has things set up, and what email address you're actually trying to use as the forum email address. No one configuration can be literally correct for all cases.

The only way I see for anything to be put "at risk" in the choices here is if you set up to use an SMTP server that requires authentication, but do so without being able to specify that TLS/SSL will be used for the connection. Because at that point you would be transmitting your SMTP server authentication information in clear text, and anyone able to intercept the IP traffic could potentially read it.

(Note that doesn't apply to "SMTP server set to localhost", because the IP traffic never actually goes out across any network. But typically authentication is not required when using the SMTP server on the local machine, anyway.)

So no, although you haven't told us what kind of SMTP configuration they actually had you implement in phpBB, it's unlikely that anything has been put at risk by this change. And the difference in the possible configurations is all about "what is going to work" or "what is going to be required" for a given hosting provider's mail handling environment & email address you're using as the board's email address.
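
Added example (not part of the thread): a Python audit of a client-side SMTP debug log that flags the one risky case named in the post above, an AUTH command sent to a non-local server before TLS is in place. The transcripts, host names and credentials are constructed, and the `audit_session` and `exposed_identity` helpers are hypothetical names.

```python
import base64

# Constructed client-side SMTP debug logs (C: client, S: server); fake credentials.
_CRED = base64.b64encode(b"\0forum@mydomain.com\0not-a-real-password").decode()
PLAINTEXT_SESSION = f"""\
S: 220 mail.host.example ESMTP
C: EHLO board.example
S: 250-STARTTLS
S: 250 AUTH PLAIN LOGIN
C: AUTH PLAIN {_CRED}
S: 235 2.7.0 Authentication successful
"""
STARTTLS_SESSION = f"""\
S: 220 mail.host.example ESMTP
C: EHLO board.example
S: 250 STARTTLS
C: STARTTLS
S: 220 2.0.0 Ready to start TLS
C: EHLO board.example
S: 250 AUTH PLAIN LOGIN
C: AUTH PLAIN {_CRED}
S: 235 2.7.0 Authentication successful
"""

def exposed_identity(auth_text):
    """Return (mechanism, username) readable from a cleartext AUTH command."""
    parts = auth_text.split()
    mech = parts[1].upper() if len(parts) > 1 else "?"
    user = None
    if mech == "PLAIN" and len(parts) > 2:
        # RFC 4616: base64(authzid NUL authcid NUL password); encoding, not encryption
        fields = base64.b64decode(parts[2]).split(b"\0")
        user = fields[1].decode("utf-8", "replace") if len(fields) == 3 else None
    return mech, user

def audit_session(log, implicit_tls=False, server_is_localhost=False):
    """List AUTH commands that crossed a network before TLS was established."""
    encrypted, awaiting_tls_reply, findings = implicit_tls, False, []
    for line in log.splitlines():
        side, _, text = line.partition(": ")
        verb = text.split(" ", 1)[0].upper()
        if side == "C" and verb == "STARTTLS":
            awaiting_tls_reply = True
        elif side == "S" and awaiting_tls_reply:
            # Only a 220 reply means the TLS handshake follows
            encrypted, awaiting_tls_reply = text.startswith("220"), False
        elif side == "C" and verb == "AUTH" and not (encrypted or server_is_localhost):
            findings.append(exposed_identity(text))
    return findings
```

`implicit_tls=True` models a connection where TLS is negotiated before any SMTP command (the port 465 style mentioned above), and `server_is_localhost=True` models the localhost exception in the note.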

z.ukosa
Registered User
Posts: 21
Joined: Tue Sep 04, 2018 2:59 pm

Re: Possible fix when e-mails sent via phpBB are treated as spam

Post by z.ukosa » Mon Nov 26, 2018 10:50 am

Thanks for your replies, my host (FastComet) suggested I use SMTP via their server which is "uk6.fcomet.com". I'm not sure if this is the "localhost" solution that was mentioned by EA117. Anyway, I use SSL for SMTP authentication.

Interestingly, I was now able to test the e-mails sent by phpBB on SiteGround, which is a far more popular hosting provider. And the issue was the same as described in my first post! I.e. the PHP mail() function without using SMTP made it very likely that a mail generated by phpBB would be treated as spam. And the more I think about it, the more sense it makes, because how can the hosting provider be sure that phpBB is authorised to send e-mails using a particular e-mail account/address if no password to this account/address is given by phpBB when sending e-mail?

Of course, the bottom line is that phpBB offers all the solutions that we need, which is great. What I'm aiming at is to leave this post to other users, as my (admittedly short) experience shows that it's best to use SMTP and avoid the default PHP mail() function. In any case, after setting up your board, test e-mails sent by it on a website such as www.mail-tester.com

Marek
