OK, I moved the PHPMailer directory to the root. It was still returning a 500. I looked in the error log, and even though I was die-ing the script (as per @wake689's suggestion above) it's falling over on the line below it!
The error is
[Tue Nov 23 18:42:51 2021] [error] [client 217.32.33.106:0] PHP Fatal error: Namespace declaration statement has to be the very first statement or after any declare call in the script in /home/sites/###.com/public_html/PHPMailer/src/Exception.php on line 23
The code:
echo "Got here";
die;
/**
* PHPMailer Exception class.
* PHP Version 5.5.
*
* @see https://github.com/PHPMailer/PHPMailer/ The PHPMailer GitHub project
*
* @author Marcus Bointon (Synchro/coolbru) <phpmailer@synchromedia.co.uk>
* @author Jim Jagielski (jimjag) <jimjag@gmail.com>
* @author Andy Prevost (codeworxtech) <codeworxtech@users.sourceforge.net>
* @author Brent R. Matzelle (original founder)
* @copyright 2012 - 2020 Marcus Bointon
* @copyright 2010 - 2012 Jim Jagielski
* @copyright 2004 - 2009 Andy Prevost
* @license http://www.gnu.org/copyleft/lesser.html GNU Lesser General Public License
* @note This program is distributed in the hope that it will be useful - WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE.
*/
namespace PHPMailer\PHPMailer;
I would have thought the code would have stopped executing after the die.
Anyway, I can now target that script (which is good) but now I have this new error (which is bad).
Does PHP notice this while parsing the script file before it starts actually executing, and that’s why you are getting this problem? Move the echo and die to after all the namespace instructions and see if it makes any difference.
I wasn’t suggesting you should add that to your code, I was saying that I think it is already set to that value, so I don’t think there is any difference between setting SMTPSecure either to the string 'tls' or to the constant STARTTLS - my point was that they are the same thing.
Yes, in theory this is bad practice, as it is picked up as spoofing if the receiving server checks the SPF record, as you found.
Rather than having to set up email addresses on the server etc., the best way is to use the ‘Reply to’ header, which should allow you to set the correct ‘From’ address from a single registered email on your server and then set ‘Reply to’ to whatever you want, e.g. a user’s email.
Having said that, sometimes the receiving server isn’t set up correctly.
A while back I built a form to allow users to send letters to DEFRA as though it was from their email address. I correctly used our site email as the sender and used the ‘Reply to’ setting to set the user’s email. DEFRA’s server wasn’t configured correctly, so it failed to use the ‘Reply to’ field. Instead I set the user’s email as the From address (bad practice) and it was all accepted without a problem, when it should have been rejected. But I had no other way of making it work.
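The From / Reply-To arrangement described above, as an added example that is not part of the original posts or PHPMailer's own code. It assumes PHPMailer 6.x installed via Composer; `forms@example.com`, `smtp.example.com`, the `SMTP_PASSWORD` environment variable and the function name `buildContactMail` are placeholders chosen for illustration.

```php
<?php
// Added example. declare() must come before any other statement, for the same
// compile-time reason the namespace line in Exception.php must.
declare(strict_types=1);

use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\Exception;

require __DIR__ . '/vendor/autoload.php';

// Placeholders (assumptions): a mailbox on your own domain and its SMTP host.
const SITE_FROM = 'forms@example.com';   // sender your domain's SPF record authorises
const SMTP_HOST = 'smtp.example.com';

function buildContactMail(string $visitorEmail, string $visitorName, string $body): PHPMailer
{
    // Accept only a single well-formed address from the form field.
    if (!PHPMailer::validateAddress($visitorEmail)) {
        throw new InvalidArgumentException('Invalid visitor email address');
    }

    $mail = new PHPMailer(true);             // true = throw exceptions on error
    $mail->isSMTP();
    $mail->Host       = SMTP_HOST;
    $mail->SMTPAuth   = true;
    $mail->Username   = SITE_FROM;
    $mail->Password   = getenv('SMTP_PASSWORD') ?: '';
    $mail->SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS; // same value as the string 'tls'
    $mail->Port       = 587;

    $mail->setFrom(SITE_FROM, 'Website contact form'); // From stays on our own domain
    $mail->addReplyTo($visitorEmail, $visitorName);     // replies go to the visitor
    $mail->addAddress(SITE_FROM);                       // deliver to the site mailbox
    $mail->Subject = 'Contact form message';
    $mail->Body    = $body;
    return $mail;
}

try {
    // Constructed sample input.
    $mail = buildContactMail('visitor@example.org', 'Ann Visitor', 'Hello');
    $mail->preSend();                        // build the message without connecting
    echo $mail->getSentMIMEMessage();        // inspect the From: and Reply-To: headers
} catch (Exception | InvalidArgumentException $e) {
    error_log('Mail not built: ' . $e->getMessage());
}
```

Swap `preSend()` for `send()` once the printed headers show the site address in From and the visitor's address in Reply-To.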