[wp-trac] [WordPress Trac] #27686: DKIM issue with PHPMailer 5.2.4 - upgrade to 5.2.7
WordPress Trac
noreply at wordpress.org
Sat Apr 5 16:26:23 UTC 2014
#27686: DKIM issue with PHPMailer 5.2.4 - upgrade to 5.2.7
--------------------------------+------------------------
Reporter: rocksfrow | Owner:
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: External Libraries | Version: 3.8.1
Severity: normal | Resolution: duplicate
Keywords: | Focuses:
--------------------------------+------------------------
Changes (by ocean90):
* focuses: ui, accessibility, administration, performance =>
* component: General => External Libraries
* milestone: Awaiting Review =>
Old description:
> Emails sent with the most recent WordPress breaks DKIM. This is a bug
> with PHPMailer 5.2.4. Upgrading PHPMailer to 5.2.7 fixes the issue.
>
> Here are headers from message with 5.2.4 to gmail recipient:
>
> Received-SPF: pass (google.com: domain of user at domain.com designates
> 144.xx.xx.xx as permitted sender) client-ip=144.xx.xx.xx;
> Authentication-Results: mx.google.com;
> spf=pass (google.com: domain of user at domain.com designates 144.xx.xx.xx
> as
> permitted sender) smtp.mail=user at domain.com;
> dkim=neutral (no key for signature) header.i=@domain.com
> .. [headers clipped] ..
> Message-ID: <9686b0680a0a32ec311ee1884d6352bb at www.domain.com>
> X-Priority: 3
> X-Mailer: PHPMailer 5.2.4 (http://code.google.com/a/apache-extras.org
> /p/phpmailer/)
>
> Here are the headers from message with 5.2.7 (replaced class-
> phpmailer.php in latest source), to same gmail recipient:
>
> Received-SPF: pass (google.com: domain of user at domain.com designates
> 144.xx.xx.xx as permitted sender) client-ip=144.xx.xx.xx;
> Authentication-Results: mx.google.com;
> spf=pass (google.com: domain of user at domain.com designates
> 144.xx.xx.xx as permitted sender) smtp.mail=user at domain.com;
> dkim=pass header.i=@domain.com
> .. [headers clipped] ..
> Message-ID: <d2afb441f25c8c7a8ba0433a0e15c0b6 at www.domain.com>
> X-Priority: 3
> X-Mailer: PHPMailer 5.2.7 (https://github.com/PHPMailer/PHPMailer/)
>
> Both messages were properly signed and contained the proper dkim-sig
> header. These two test messages were the exact same 'forgot password'
> message from the WordPress install. I confirmed all updates were
> installed before running this test. I even tested twice, and watched my
> email go to Spam with 5.2.4 due to dkim failure, and then inbox with
> 5.2.7 due to dkim pass.
>
> I am confident about this bug with PHPMailer, because another 3rdparty
> library I use recently made the upgrade to 5.2.7 to resolve the same
> issue.
>
> PLEASE upgrade PHPMailer and put out an update ASAP. My member emails are
> going to Spam because of this. I can fix it by manually replacing class-
> phpmailer.php, but I have a ton of clients who use WordPress as well.
>
> Let me know if you need anymore information. Thanks!
New description:
Emails sent with the most recent WordPress breaks DKIM. This is a bug with
PHPMailer 5.2.4. Upgrading PHPMailer to 5.2.7 fixes the issue.
Here are headers from message with 5.2.4 to gmail recipient:
{{{
Received-SPF: pass (google.com: domain of user at domain.com designates
144.xx.xx.xx as permitted sender) client-ip=144.xx.xx.xx;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of user at domain.com designates 144.xx.xx.xx
as
permitted sender) smtp.mail=user at domain.com;
dkim=neutral (no key for signature) header.i=@domain.com
.. [headers clipped] ..
Message-ID: <9686b0680a0a32ec311ee1884d6352bb at www.domain.com>
X-Priority: 3
X-Mailer: PHPMailer 5.2.4 (http://code.google.com/a/apache-extras.org
/p/phpmailer/)
}}}
Here are the headers from message with 5.2.7 (replaced class-phpmailer.php
in latest source), to same gmail recipient:
{{{
Received-SPF: pass (google.com: domain of user at domain.com designates
144.xx.xx.xx as permitted sender) client-ip=144.xx.xx.xx;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of user at domain.com designates
144.xx.xx.xx as permitted sender) smtp.mail=user at domain.com;
dkim=pass header.i=@domain.com
.. [headers clipped] ..
Message-ID: <d2afb441f25c8c7a8ba0433a0e15c0b6 at www.domain.com>
X-Priority: 3
X-Mailer: PHPMailer 5.2.7 (https://github.com/PHPMailer/PHPMailer/)
}}}
Both messages were properly signed and contained the proper dkim-sig
header. These two test messages were the exact same 'forgot password'
message from the WordPress install. I confirmed all updates were installed
before running this test. I even tested twice, and watched my email go to
Spam with 5.2.4 due to dkim failure, and then inbox with 5.2.7 due to dkim
pass.
I am confident about this bug with PHPMailer, because another 3rdparty
library I use recently made the upgrade to 5.2.7 to resolve the same
issue.
PLEASE upgrade PHPMailer and put out an update ASAP. My member emails are
going to Spam because of this. I can fix it by manually replacing class-
phpmailer.php, but I have a ton of clients who use WordPress as well.
Let me know if you need anymore information. Thanks!
--
Comment:
> It says fixed, when will this be released as an update?
See http://wordpress.org/news/2014/03/wordpress-3-9-beta-3/.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/27686#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list