0

I am having the following error in PHPMailer:

SMTP Error: data not accepted.SMTP server error: DATA END command failed Detail: STOREDRV.Submission.Exception:SendAsDeniedException.MapiExceptionSendAsDenied; Failed to process message due to a permanent exception with message Cannot submit message.

I am using the following:

public function sendEmail($conn, $user, $to_email, $subject, $messageToSent)
    {
        //Check if user exists
        $exist = $this->checkIfUserExist($conn, $user);
        $from = $this->getUserEmail($conn, $user);
        if($exist['exist'])
        {
            // Please specify your Mail Server - Example: mail.example.com.
            //$mail = new PHPMailer\PHPMailer();
            $mail = new PHPMailer\PHPMailer\PHPMailer;                // Passing `true` enables exceptions
            $message = "success";
            try {
                //Server settings
                $mail->SMTPDebug = 2;                                 // set it to 2 to Enable verbose debug output
                $mail->isSMTP();                                      // Set mailer to use SMTP
                $mail->Host = 'smtp.office365.com';                   // Specify main and backup SMTP servers
                $mail->SMTPAuth = true;                               // Enable SMTP authentication
                if($from=='' || $from==null || $from=="NULL")
                {

                    $mail->setFrom('i@abc.org');
                }
                if($from!='')
                {

                    $mail->setFrom($from);
                }
                $mail->Username = 'i@abc.org';     // SMTP username
                $mail->Password = 'xyz';                         // SMTP password
                $mail->SMTPSecure = 'tls';                            // Enable TLS encryption, `ssl` also accepted
                $mail->Port = 587;                                    // TCP port to connect to
                //$mail->AuthType = 'PLAIN';
                //Recipients
                //$mail->setFrom($user.'@abc.com');
                //$mail->setFrom($from);
                $mail->addAddress('i@abc.org');     // Add a recipient
                //$mail->addAddress('ellen@example.com');               // Name is optional
                $mail->addReplyTo('info@example.com', $subject);
                //$mail->addCC('cc@example.com');
                //$mail->addBCC('bcc@example.com');

                //Attachments
                //$mail->addAttachment('/var/tmp/file.tar.gz');         // Add attachments
                //$mail->addAttachment('/tmp/image.jpg', 'new.jpg');    // Optional name

                //Content
                $mail->isHTML(true);                                  // Set email format to HTML
                $mail->Subject = $subject;
                if($from=="i@abc.org")
                {
                    $mail->Body = $messageToSent. '<p>The user asking for password recovery does not have a valid email. Thus, the sender will be shown as sent from the admin email. The user have the following ID: </p><h3>'.$exist['user_id'].'</h3>';
                }
                else
                {
                    $mail->Body = $messageToSent. '<p>The user have the following ID: </p><h3>'.$exist['user_id'].'</h3>';

                }
                $mail->AltBody = 'Please take actions according to needs.';

                if($mail->send())
                {
                    echo json_encode($message);
                }
                else
                {
                    echo json_encode($mail->ErrorInfo);
                }

            } catch (Exception $e) {
                echo 'Message could not be sent. Mailer Error: ', $mail->ErrorInfo;
            }
        }
        else
        {
            echo json_encode("UserDoesntExist"); 
        }

    }

I've read here that the $mail->Username and $mail->setFrom should be the same, but in this way, we should get passwords for each email to change $mail->Password.

alim1990
  • 4,656
  • 12
  • 67
  • 130

1 Answers1

4

The clue is in the name of the exception: SendAsDenied; it's saying you cannot use anything other than your Username as the From address, especially not arbitrary (forged) addresses.

If you want to avoid forgery problems, send from your admin address, but set the user's address as a reply-to. That way you're not forging, and replies will go to the right place.

Synchro
  • 35,538
  • 15
  • 81
  • 104
  • So why is that. Is it logic to send an email from the same email, to the same email ? How online systems work though ? I usually receive emails from facebook lets say to my email. – alim1990 Feb 21 '19 at 06:30
  • The to address isn’t the problem - it’s the from address. When Facebook sends you an email, they don’t claim to be you. – Synchro Feb 21 '19 at 06:46
  • Yes, but you're sending through O365, which doesn't allow you to send from any address other than your account address. Are you trying to send from each user address using their own O365 credentials? If so, that's a different issue, but probably something you shouldn't be attempting. – Synchro Feb 21 '19 at 09:01
  • Yes. I get it. I can make a solution, by prompting the user to add his password before sending the email and bind it to the method. You are right. But anyway, I am allowed to check the passwords of each email on my network as I am the admin, and we have local networks, so it is safe to send the password through the cable as long as we are offline. – alim1990 Feb 21 '19 at 09:16