Viewed   161 times

Suddenly have started receiving the above error without any changes having been made to the script.

Host is 1and1 (I know...)

The script still works fine on a different server, and so my suspicion is that there must have been some server config change that has lead to this, although the hosts plead ignorance.

There's no information on the above error at all in Google that I can find - does anybody have any ideas? Server is running Apache if that helps.



Had just the similar problem.
It came out of the blue. No PHP Code was changed.

What was changed: PHP was upgraded 5.5.25-1 to 5.5.26.

A security risk in PHP mail() function has been fixed and extra newlines in additional_headers are allowed no more. Because extra newlines mean: now starts the email message (and we surely don't want somebody to inject some newlines through headers followed by an evil message).

What previously have worked fine, e.g. just having extra newlines after headers or even passing the whole message to additional_headers, will function no more.


  • Sanitize your headers. No multiple newlines in additional_headers argument. These count as "multiple or malformed newlines": rr, r, rnrn, nn, n.
  • Use additional_headers for headers only. Email message (multipart or not, with ir without attachments, etc) belongs in message argument, not in headers.

PHP Security Bug report:
C Code diff how its fixed:;a=blobdiff;f=ext/standard/mail.c;h=448013a472a3466245e64b1cb37a9d1b0f7c007e;hp=1ebc8fecb7ef4c266a341cdc701f0686d6482242;hb=9d168b863e007c4e15ebe4d2eecabdf8b0582e30;hpb=eee8b6c33fc968ef8c496db8fb54e8c9d9d5a8f9

Monday, December 19, 2022

As was determined in the comments above, this was caused by an environmental difference - the HOME env var was set differently inside the executed process. Using proc_open instead of simple exec gave more precise control over said process and explicitly setting that env var solved the issue.

Saturday, October 8, 2022

You can make a .htaccess file and enter Options -Indexes this will disable listing of the files in the directory.

If you also need the traffic to originate from your site you will need to make a file say... index.php with code that checks $_SERVER['HTTP_REFERER'] to see if the traffic originates from your site.


Oh I forgot you can actually fix it all in the .htaccess:

Options -Indexes
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^*$ [NC]
RewriteRule ^.* /403-page [L,R]

This will do all the work of the script I suggested, so you won't need it anymore.

Friday, August 19, 2022

I think your problem is related with n and QMAIL, the mail function documentation state this.

Note: If messages are not received, try using a LF (n) only. Some poor quality Unix mail transfer agents replace LF by CRLF automatically (which leads to doubling CR if CRLF is used). This should be a last resort, as it does not comply with ยป RFC 2822.

so you if you header are separated by rn you could probably replace those by single n.

This bug report also provide a solution using a script.

Sunday, August 14, 2022

Your problem is that you're trying to send message body as headers, as mentioned in the comments to your question.

Trying to send MIME mail attachments via mail() is probably considered torture in some countries. There are plenty of libraries to do this for you, I use the PEAR Mail_Mime package.

function mail_attachment($filename, $mailto, $from_mail, $from_name, $replyto, $subject, $message) {
    $headers = [
        "From"=>"$from_name <$from_mail>",
    $msg = new Mail_mime();
    $mail =& Mail::factory("smtp");
    $msg->addAttachment(file_get_contents($filename), "application/pdf", basename($filename), false);
    $body = $msg->get();
    $headers = $msg->headers($headers);
    $mail->send($email_address, $headers, $body);
Wednesday, August 3, 2022
Only authorized users can answer the search term. Please sign in first, or register a free account.
Not the answer you're looking for? Browse other questions tagged :