Postman SMTP – Dead!
So I was one of the 100 000+ who suddenly faced having to find an alternate solution to Postman SMTP. Yes, that’s right! If you haven’t heard already Postman SMTP has been removed from the WordPress plugins directory!
We assume it was removed because it contains a publicly known reflected cross-site scripting (XSS) vulnerability that has not been fixed.
– says Dan Moen, Wordfence.
Apparently the plugin hadn’t been updated in over 2 years, which is a bit of a shame really considering there were 100 000+ installations and it was the only plugin that properly managed OAuth 2.0. Read the full story HERE.
My Experience With Postman SMTP
I had Postman SMTP installed on a number of clients sites. It was my go to solution for clients having wordpress mail troubles. Often I’d get clients telling me mail sent from their site wasn’t getting to a customer, or they weren’t receiving enquiries via their contact form. Boom! Login, install Postman SMTP, run setup wizard, all troubles gone, no worries.
Almost all of my clients websites are hosted with Godaddy. It’s just become a norm; I know Godaddy’s Cpanel inside out and they make it very easy to mange multiple clients’ websites. Plus the support is great!
I also get all my clients to run their business mail through G Suite. It’s just the best mail and user management solution out their in my opinion.
So this is where the problem arises. I only discovered recently:
Popular US hosting provider GoDaddy imposes very strict (to the point of becoming almost useless) constraints on sending an email. They block outbound SMTP to ports 25, 465 and 587 to all servers except their own. This problem is the subject of many frustrating questions on Stack Overflow. If you find your script works on your local machine, but not when you upload it to GoDaddy, this will be what’s happening to you. The solution is extremely poorly documented by GoDaddy: you must send through their servers, and also disable all security features, username, and password (great, huh?!), giving you this config for PHPMailer:
$mail->isSMTP(); $mail->Host = 'relay-hosting.secureserver.net'; $mail->Port = 25; $mail->SMTPAuth = false; $mail->SMTPSecure = false;
GoDaddy also refuses to send with a ‘from’ address belonging to any aol, gmail, yahoo, hotmail, live, aim, or msn domain (see their docs). This is because all those domains deploy SPF and DKIM anti-forgery measures, and faking your from address is forgery.
You may find it easier to switch to a more enlightened hosting provider.
– Marcus Bointon, posted to Github.
So Postman SMTP was the only plugin that had no issues with the above. It just worked with all hosts who actively block SMTP ports, and has the capability to deliver over HTTPS as well. Marcus is literally the only person I’ve found to point out the obvious relationship problem between Godaddy (and other hosts) and G suite. Postman SMTP was the only plugin to resolve the issue.
There are a lot of SMTP plugins out there, choosing one that’s easy to setup and actually works with your hosting is another story. As a small business, to manage a few emails each month, no one wants to pay $20+/month to Mandrill or Mailgun. Why has no one else made a solid solution like Postman SMTP? I have tried them all! GMail SMTP, Easy WP SMTP, WP Mail SMTP, etc. They take a lot of fiddling and do end up working out but they’re alway a nightmare to work with.
You can read all Marcus has to say regard Troubleshooting PHPMailer Problems HERE.
The Solution & Replacement For Postman SMTP
Luckily for us a man who goes by the name of yehudah has become a proper guardian angel. He basically resolved all issues with Postman SMTP and repackaged the plugin as Post SMTP. Post SMTP is open source and free to use. It does all the glorious things Postman SMTP did and my only hope is that is stays current and up to date.