How to change envelope from address using PHP mail?

I am using PHP with Apache on Linux, with Sendmail. I use the PHP mail function. The email is sent, but the envelope has the Apache_user@localhostname in MAIL FROM (example [email protected]) and some remote mail servers reject this because the domain doesn't exist (obviously). Using mail, can I force it to change the envelope MAIL FROM?

EDIT: If I add a header in the fourth field of the mail() function, that changes the From field in the headers of the body of the message, and DOES NOT change the envelope MAIL FROM.

I can force it by spawning sendmail with sendmail -t -odb -oi -frealname@realhost and piping the email contents to it. Is this a better approach?

Is there a better, simpler, more PHP appropriate way of doing this?

EDIT: The bottom line is I should have RTM. Thanks for the answers folks, the fifth parameter works and all is well.


Solution 1:

mail() has a 4th and 5th parameter (optional). The 5th argument is what should be passed as options directly to sendmail. I use the following:

mail('[email protected]','subject!','body!','From: [email protected]','-f [email protected]');

Solution 2:

PHP Official documentation for mail()

bool mail ( string $to , string $subject , string $message [, string $additional_headers [, string $additional_parameters ]] )

...

additional_parameters (optional)

The additional_parameters parameter can be used to pass additional flags as command line options to the program configured to be used when sending mail, as defined by the sendmail_path configuration setting. For example, this can be used to set the envelope sender address when using sendmail with the -f sendmail option.

This parameter is escaped by escapeshellcmd() internally to prevent command execution. escapeshellcmd() prevents command execution, but allows to add additional parameters. For security reasons, it is recommended for the user to sanitize this parameter to avoid adding unwanted parameters to the shell command.

Since escapeshellcmd() is applied automatically, some characters that are allowed as email addresses by internet RFCs cannot be used. mail() can not allow such characters, so in programs where the use of such characters is required, alternative means of sending emails (such as using a framework or a library) is recommended.

The user that the webserver runs as should be added as a trusted user to the sendmail configuration to prevent a 'X-Warning' header from being added to the message when the envelope sender (-f) is set using this method. For sendmail users, this file is /etc/mail/trusted-users.

Solution 3:

You can try this (im not sure tho):

ini_set("sendmail_from", [email protected]);
mail(...);
ini_restore("sendmail_from");

Solution 4:

I would also recommend checking into PHPMailer. It's great for creating and sending email, making the process a lot easier, along with support for SMTP.