Deactivation phpmail


We end with use of phpmail from dec 14th 2016, after 18 months of sensibilization.

Phpmail (named 'mail' or 'mail send' in linux)  is used to send mainly your order notifications, contact form, and some other mails from some modules. This has nothing to do from sending mail from client mail software with pop/imap settings

Issues are more and more numerous these last times with hacked sites/php scripts, sending after big amount of spam emails, it is also used to take control of your website by sending back via phpmail to hacker the login/password of the admin of your site, finally : these mails often fall in spam filters of major email providers like yahoo, gmail, hotmail... Damages on sending IP of server are important when undesired events, causing deliverability issues, so be warned that we are not tolerant with this.

phpmail is being deprecated for years already (a real PHP exploit like file_uploads which facilitate file injections for hackers, see our dedicated article), it is time to make it unable to damage websites.

See our screenshot below :
We have disabled phpmail at user level account in cPanel and server level by disable_functions in php.ini of your cpanel in : Selector php/switch to PHP options, by adding for now : ",mail".  You can remove ',mail' if you wish to use phpmail temporarily, but note that we can end your services if we find out that you use permanently, or that you forgot to deactivate it after activating it, so be very careful..

The single solution is to use smtp settings, see our dedicated article : sending mails from your sites and scripts, use simply port 25 or 587 and non-encrypted (fine for local)

PHPmail php.ini