By WordPress default settings, anyone who knows WordPress blog administrator’s email address can put this address in comment required field, and make comment without being moderated as if he was the administrator. I think it is very bad design of authentication. It worries me a lot although none of my blog users pretend to be… Continue reading Is it a serious security leak for WordPress bloggers?
I use phpList to send newsletters to customers. I recently add bounced messages automatic processor, which require a seperate email address to accept bounced messages. Bounced messages are sent to From address if no Return Path is set in email envelope. Email programs such as outlook are not suitable to serve as a newsletter program… Continue reading Authsmtp verify Return Path address as well
想要phpList process bounce messages，邮箱却只支持SSL POP (port 995, 如gmail)？没问题。 config.php 作以下设置： $bounce_protocol = ‘pop’; $message_envelope = ‘email@example.com’; $bounce_mailbox_host = ‘pop.gmail.com’; $bounce_mailbox_user = ‘firstname.lastname@example.org’; $bounce_mailbox_password = ‘password’; $bounce_mailbox_port = “995/pop3/ssl/novalidate-cert”; 我本还担心phpList 不能从gmail上pop出bounce messages，正想着去专门建一个未经SSL处理的POP邮箱，没想到phpList轻易就达到了我的要求。 另外我还发现，按照phpList自己的说法，php必须运行在safe_mode off的环境下才能让phpList 处理bounce messages，但我亲身实验结果显示safe_mode can be on.