SendForce Mail Relay -- WordPress 插件

开发者	shiponkarmakar
更新时间	2026年5月13日 02:09
捐献地址:	去捐款
PHP版本:	7.4 及以上
WordPress版本:	6.9
版权:	GPLv2 or later
版权网址:	版权信息

1.0.25

New: Email attachments now work with Amazon SES API mode (and continue to work with Gmail API mode). Previously the SES mailer ignored the $attachments parameter completely — WooCommerce PDF invoices, contact-form file uploads, LMS certificates, and similar plugin-generated attachments would silently disappear when sent via SES. Now they're MIME-encoded and delivered correctly via multipart/mixed. Gmail API mode also routes through the new shared MIME builder so its attachment handling matches.
New: "Multi-Part Plain Text" setting now applies to SES and Gmail API modes. When a connection is in API mode, an HTML email is now sent with both text/html and an auto-derived text/plain alternative (via multipart/alternative). Improves deliverability — Gmail and other inbox providers favour multipart-alternative messages, and plain-text-only mail clients (some IT environments, accessibility tools) get a readable fallback. Previously this setting was silently ignored in API mode.
Fix: Subjects and From-names containing non-ASCII characters (Café, résumé, François, Müller, 주문, etc.) are now RFC 2047 base64-encoded (=?UTF-8?B?…?=) before being sent. Without this, strict MTAs would reject the message and lenient ones would render the headers as garbage.
Refactor: SES and Gmail mailers now share a single build_raw_mime() helper in the base API mailer class. Same MIME format, same encoding rules, same attachment handling — verified against test fixtures covering single-part, multipart/alternative, multipart/mixed (with attachments), Bcc-in-headers (Gmail) vs Bcc-via-API (SES), and non-ASCII headers.

1.0.24

Fix (critical for OAuth users): Microsoft 365 / Gmail "Connect with provider" no longer fails with AADSTS50011 / redirect URI mismatch. Root cause: the authorize URL was built with add_query_arg(), which does NOT URL-encode the values it inserts. The & characters inside our redirect_uri query value were left bare, so Microsoft / Google parsed &tab=settings&sf_oauth=callback as additional top-level query parameters and saw the redirect_uri truncated at the first &. The fix uses http_build_query() with PHP_QUERY_RFC3986 so every value is properly percent-encoded. Affects every OAuth setup whose Web Redirect URI contains more than one query parameter (i.e. all current SendForce OAuth setups). The get_redirect_uri() hardening from 1.0.23 was real but addressed a different scenario; this is the actual cause of the AADSTS50011 reports.
New: OAuth consent now opens in a popup window instead of replacing the settings page. Click "Connect with provider" → a centered 600×720 popup opens with the Microsoft / Google sign-in flow → after consent the popup closes itself and the settings page refreshes with a success notice. You no longer lose your unsaved settings or scroll position.
Graceful fallback: if the browser blocks the popup (popup blocker on, or running in an embedded frame), SendForce falls back to the previous full-page redirect behaviour automatically — no error, no lost flow.
The OAuth callback page is now a small branded "Completing connection…" splash screen with a spinner that signals the parent window via THREE independent channels and closes itself: localStorage event (primary, survives cross-origin opener severance under Cross-Origin-Opener-Policy), postMessage (fallback when window.opener survives), and parent-side popup-closed polling (final safety net — reloads the settings tab so the connection panel refreshes from the DB even if both signal channels fail). This eliminates the "popup closed but status didn't update" issue some users hit when the browser's COOP behaviour broke the opener relationship after returning from Microsoft / Google.
UX: Replaced the remaining native browser alert() / confirm() dialogs in the OAuth flow ("Save the connection first", "Disconnect this account?", error toasts) with the styled sfShowConfirmModal already used elsewhere in the plugin. Consistent look across the admin UI.
UX: Save Connection button now shows an inline spinner and a "Validating data. Please wait…" status message while the connection save is in flight — same pattern FluentSMTP uses. Makes it clear the click registered and the save is in progress, especially on slow networks where the previous "Saving…" text alone wasn't obvious enough.
Fix: Microsoft 365 send failures now show the actual Graph API error instead of a generic "Failed to send email via Microsoft 365 API" message. The Outlook mailer was bypassing the base class's debug-capture helper, so the HTTP status and response body from graph.microsoft.com were never recorded. It now uses make_request() so the real error (ErrorAccessDenied, MailboxNotEnabledForRESTAPI, AADSTS70008 token expired, etc.) is appended to the failure message and stored in the Email Log. Also captures token-endpoint failures from the OAuth refresh flow (previously silent).
Setup help: Rewrote the Gmail and Microsoft 365 OAuth setup instructions in the connection editor to cover the steps users keep getting stuck on — the OAuth consent screen + Test users requirement for Gmail (without which Google returns access_denied "App is being tested"), the separate Authorised JavaScript origins field (origin-only, no path), and an explicit warning about Azure's confusing "Value vs Secret ID" two-column UI for client secrets (the most common AADSTS7000215 cause). Includes the format of valid Client IDs/Secrets so users can sanity-check what they pasted.
Setup help: Added a "JavaScript origin" copy field for Gmail setups, alongside the existing "Web Redirect URI" field. Google's OAuth client form has two URL fields with different requirements; previously SendForce only documented one of them.
Setup help: Added client-side and server-side rejection of GUID-shaped secrets for OAuth providers — pasting an Azure Secret ID into the Client Secret field is now blocked with a clear explanation, both as a live red warning under the field and as a hard rejection on save. Prevents the AADSTS7000215 "invalid client secret" loop where the user repeatedly pastes the wrong column from Azure.
Fix: Zoho ZeptoMail "Invalid API Token found" (TM_4001 / SERR_157) when users paste the full Zoho-enczapikey TOKEN string from ZeptoMail's docs into the Send Mail Token field. The mailer now strips the Zoho-enczapikey prefix automatically before constructing the Authorization header, so both pure-token and full-header paste styles work.
Setup help: Added a per-provider API-key hint rendered inline under the API Key field (where supplied by the provider config). First use: ZeptoMail and Amazon SES fields now explain where to find their credentials, format gotchas, and the verified-domain / sandbox requirements.
Fix: Amazon SES send failures now show the actual SES API error (same fix as Outlook). The SES mailer was bypassing the base class's debug-capture helper, so HTTP status and response body from email.<region>.amazonaws.com were never recorded. It now uses make_request() so real errors like MessageRejected (sandbox, unverified address), MailFromDomainNotVerifiedException, SendingPausedException, or Throttling appear in the failure message and the Email Log.
Fix: Gmail API send and token-fetch failures now surface the actual Google error. Same root cause as Outlook/SES: the Gmail mailer bypassed make_request() for the send call, and silently swallowed token-endpoint errors during the OAuth refresh. Errors like invalidArgument (malformed raw email), failedPrecondition (delegation issue), quotaExceeded, or invalid_grant (refresh token revoked / 90-day expiry) are now surfaced. Also captures pre-flight failures (missing client_id / client_secret / refresh_token) with a clear explanation.
Fix: Mailgun API send failures now surface the actual Mailgun error. The Mailgun mailer bypassed make_request() so errors like "Domain not found", 401 wrong-region, "freemail recipient unsupported", or "Forbidden" never showed in the UI. Switched to make_request() with application/x-www-form-urlencoded body so debug capture works while preserving Mailgun's required form-encoded body format.
Fix: Tolerate users pasting Bearer TOKEN (instead of just TOKEN) into the API Key field for SendGrid, Resend, MailerSend, SMTP.com, and SendLayer. Provider docs typically show Authorization: Bearer xxxxx in their cURL examples, and users frequently copy the whole Bearer xxxxx string. The mailer now strips a leading Bearer if present so both paste styles work. Same auto-strip already applies to ZeptoMail's Zoho-enczapikey prefix; refactored to use a shared strip_auth_prefix() helper in the base API mailer class.
Fix: All API keys are now trim()ed automatically before use. Catches the common case where a user copy-pastes a key from a provider dashboard and accidentally grabs trailing whitespace or a stray newline. Previously some providers (notably SendGrid) would return a generic 401 with no useful explanation when the auth header contained non-printable characters.

1.0.23

Fix: Gmail / Microsoft 365 OAuth redirect URI is now constructed defensively so security and caching plugins (e.g. Wordfence, LiteSpeed Cache) that filter admin_url cannot strip the query string from the path and produce a truncated redirect_uri. Resolves the intermittent AADSTS50011 (redirect URI mismatch) errors some users hit when clicking "Connect with provider" for Microsoft 365. The final URL is unchanged — only the construction is now immune to third-party admin_url filters.
i18n: Email Log "Next run" timestamp now uses the site's configured date/time format (Settings → General) instead of a hardcoded English style. Sites running in non-English locales will now see the cleanup schedule formatted naturally.
Hardening: Expanded the wp_kses whitelist used to render channel logos on the Alerts tab — adds xmlns:xlink, role, aria-label, width, height, fill-rule, clip-rule, the <g> element, and a few missing path/circle attributes. No behaviour change for the bundled icons; future channel logos with these attributes will render instead of being silently stripped.
Tweak: ajax_cleanup_logs_now handler now explicitly returns after each wp_send_json_error(). wp_send_json_error already terminates via wp_die, so behaviour is unchanged — purely a clarity improvement.

1.0.21

New: "Clean Now" button on the Email Log. Run the auto-clean immediately instead of waiting for the next scheduled cron — useful after lowering retention or before exporting logs. Backed by a new sendforce_cleanup_logs_now AJAX endpoint (capability + nonce protected) that reports how many rows were removed.
New: Auto-clean status row above the Email Log table — at a glance shows the configured retention period, when the next automatic cleanup is scheduled, a deep-link to change the setting, and the "Clean Now" action.
New: "via rule: " badge on Email Log entries — when an email was redirected by a Smart Routing rule, the log row now shows which rule fired (read from the stored debug payload). Makes it trivial to confirm that routing is working as intended.
New: "Connection missing" warning on routing rule cards. When a rule points at a connection that has been deleted, the rule card now shows an amber warning badge — previously such rules failed silently at runtime and emails fell through to the primary connection without explanation.
New: Real channel logos on the Alerts tab — Slack, Discord, Microsoft Teams, Telegram, Google Chat, Pushover, and Webhook now render their actual brand SVG icons instead of two-letter initials. Inline-loaded and color-themed via currentColor for crisp rendering at any DPI.
Improvement: Test Routing tool parity. The "Test Routing" tool now evaluates rules through the exact same matcher used by the live mailer (shared rule_matches() + new build_test_context() helper), eliminating any drift between what the tool predicts and what actually happens at send time. Side benefit: the test tool now correctly evaluates time_between, weekday, to_pattern, and from_* conditions (previously partly stubbed in a duplicate local matcher).
Improvement: Routing-tab rule cards now render round-robin target lists ("Round-robin: SES, SendGrid") and a friendly "WordPress phpmail()" label for the phpmail pseudo-target — round-robin runtime was already supported, this surfaces it correctly in the UI.
Improvement: A11y — channel icon buttons on the Alerts tab now expose an aria-label so screen readers announce the channel name instead of empty graphics.
Fix: Alert channels were occasionally wiped when saving the Summary Email form. The settings sanitizer used to ignore the incoming channels payload and re-load whatever was in the DB; in races between the AJAX channel toggles and the Summary Email form save this could clobber channel state. The sanitizer now respects the incoming payload when present and only falls back to DB state when the form omits channels.
Tweak: Summary Email body textarea reduced from 3 rows to 2 so the Alerts form fits more cleanly on smaller viewports.
Internal: Email-log retention cleanup (SendForce_Logger::cleanup_old_logs()) now returns the number of rows deleted (was void) so callers like the new "Clean Now" handler can surface the count to the user.

1.0.20

Fix: Admin top navigation bar layout at narrow widths — resolved overlap with the WordPress admin bar on tablet/mobile, removed an oversized empty gap above the SendForce header, and prevented horizontal page scroll when tab labels would otherwise overflow on mid-size laptop screens.
Tweak: Tab labels now collapse to icon-only mode below 1340px (was 1180px) so all tabs fit cleanly without scrolling on common laptop widths.
Tweak: Logo gets proper left breathing room on mobile — no more flush-to-edge.

1.0.19

New: Smart Routing Rules. Send different emails through different connections based on rules you define. Conditions: recipient domain, recipient pattern (glob), source plugin (auto-detected for WooCommerce, Contact Form 7, WPForms, Gravity Forms, Ninja Forms, Fluent Forms, Forminator, Easy Digital Downloads, MemberPress, LearnDash, MailPoet, BuddyPress, bbPress and more), subject contains, time of day, weekday. Rules evaluated top-down — first match wins. If no rule matches, the email goes through your Primary connection (existing behaviour preserved).
New "Routing" tab in the admin (sidebar submenu) with rule list, per-rule add / edit / delete, enable/disable toggle, and a built-in "Test Routing" tool that lets you paste a sample recipient + subject + source plugin and see exactly which rule (if any) would fire and which connection would be used.
The mailer now always registers BOTH the API send filter and the SMTP phpmailer_init action and lets the (possibly routed) settings choose the path. This means a routing rule can freely switch between API and SMTP target connections — e.g. primary SMTP → routed to SES API, or primary API → routed to a different SMTP server.
Storage: new wp_sendforce_routes table (added automatically on plugin upgrade via dbDelta). The routes table is now self-healing — if it's ever missing on an admin page load, it's recreated immediately.
New: inline rule editor. Routing rules are now edited directly on the page as expandable cards — no modal popups. See all rules and conditions at a glance, edit any field inline, with an "Unsaved changes" indicator and Revert button per rule.
New: master "Enable Smart Routing" toggle at the top of the Routing tab. Lets you pause all rules without deleting them — useful for diagnosing whether routing is involved in an issue.
New: from_email and from_domain condition types — match by sender address, not just recipient. Useful when a single site sends from multiple identities (shop@, support@, noreply@).
New: matched rule shown in Email Log. When a routing rule redirects an email, the log entry now displays a "via rule: " badge under the subject so you can see exactly which rule fired for any given send.
New: starter presets in the empty state — one-click rules for WooCommerce orders, @gmail.com recipients, and contact form submissions.
New: "What's Next" / Roadmap tab in the admin — public roadmap of upcoming features, grouped by release.
New: styled confirm/alert dialogs replace native browser pop-ups across the routing UI for a consistent look.
Improvement: better keyboard support and focus management for routing dialogs (Esc to cancel, Enter to confirm).
Improvement: navigation collapses to icon-only buttons on medium-width screens so all tabs fit cleanly without overflow.

1.0.18

Fixed a misleading "Connected" status on the Gmail / Microsoft 365 OAuth panel. The panel previously showed "Connected" (green) whenever the connection's password field had any value — including when the value was a leftover SMTP password from a previous SMTP-mode setup or a refresh token without matching Client ID / Secret. The check is now strict: green "Connected" only renders when the connection is in API mode AND a Client ID is present AND a Client Secret is stored AND a refresh token is stored.
Added a new amber state — "Connection has a stored OAuth token but the Client ID or Client Secret is missing. Re-enter your OAuth credentials and click Reconnect." — for the partial-credentials edge case (only fires in API mode, so an SMTP password is never mistaken for an orphaned OAuth token).
The OAuth panel now shows a friendly "Switch the connection to API mode above to use OAuth" hint when a Gmail / Microsoft 365 connection is still in SMTP mode.
Polished the OAuth status indicator dot — larger (12px), stronger glow, properly aligned with the first line when the status text wraps to multiple lines, deeper text colours for better contrast.

1.0.17

Initialize the oauth_email field on newly created connections so the schema is consistent from the moment a connection is saved (was previously added only after the first OAuth completes — defensive code in JS handled the missing key, but the data shape was inconsistent).

1.0.16

New: One-click "Connect with Google" and "Connect with Microsoft" OAuth buttons for the Gmail and Microsoft 365 connections. Replaces the previous (very painful) workflow of generating refresh tokens manually via OAuth Playground or Azure CLI. The user pastes their Client ID + Client Secret once, clicks Connect, signs in, grants consent, and is done.
The OAuth refresh token is captured automatically and stored encrypted in the connection. The connection panel shows "Connected as user@example.com" with a Disconnect button. No third-party OAuth proxy involved — bring-your-own-credentials model, every site retains full control of its own Google Cloud / Azure AD app.
Microsoft 365: the API now supports both delegated (authorization_code) and app-only (client_credentials) flows, picked automatically based on whether a refresh token is stored. Existing Application-permission setups keep working unchanged.
Setup help panel inline in the connection form: step-by-step instructions for creating the Google Cloud / Azure AD app, plus the exact redirect URI to register, with a click-to-select copy box.

1.0.15

Audited all 20 provider integrations (SendGrid, Mailgun, Brevo, SparkPost, Postmark, Amazon SES, Elastic Email, SMTP2GO, Pepipost/Netcore, SMTP.com, SocketLabs, Moosend, Microsoft 365, Gmail, SendLayer, Mailjet, MailerSend, Mandrill, Resend, Zoho ZeptoMail) against current provider documentation. 18 of 20 verified spec-compliant; 1 minor fix below.
Fixed Moosend HTML content-type detection. The Moosend API treats an unset IsContentHtml flag inconsistently — now set explicitly in BOTH HTML and plain-text paths so the rendering matches what the user sent. Previously HTML emails sent via Moosend could render as plain text in some accounts.

1.0.14

Fixed an Email Queue bug where rows that entered "processing" state and then never completed (because the cron run timed out, the PHP process crashed, or the server restarted mid-batch) became orphaned forever. Each row claimed by the processor now carries a 10-minute lease (stored in next_retry_at); on the next cron run any rows whose lease has expired are automatically returned to the queue and retried.

1.0.13

Security: hardened the PHP-mail fallback path against header injection. Carriage-return / line-feed / null characters are now stripped from the To, Subject and every individual header line before being passed to mail(), preventing a malicious wp_mail filter from injecting BCC / CC / spoofed headers via embedded newlines.
Security: validated attachment paths in the SMTP fallback path. Attachments are now only added when the resolved path lies inside a known-safe root (ABSPATH, WP_CONTENT_DIR, WP_PLUGIN_DIR, the uploads directory, or the system temp dir), preventing a path-traversal attack from a malicious upstream filter that could otherwise read arbitrary OS files.
Security: sanitized the fallback-connection label on read with sanitize_text_field() so any HTML stored in the option (by any means) cannot leak into admin UI surfaces.
Defense-in-depth: provider error messages echoed back into the test-email response are now run through wp_strip_all_tags() before being sent to the browser. The client already renders them via .text() so XSS was already blocked, but stripping tags server-side keeps the audit trail clean.

1.0.12

Renamed "Default Connection" to "Primary Connection" throughout the admin UI for clearer terminology (the connection-row badge, the General Settings section heading, helper text, and the About page). The internal storage key remains default_connection so existing user data is preserved without migration.
Provider status dot on the Email Test page now reflects the connection STATUS (green when configured, red when not) rather than the provider's brand colour. Fixes the misleading red dot next to providers like Google and Mailgun whose brand happens to be red.
Fixed the fallback-connection flow so wp_mail() correctly returns true when the primary fails but the fallback succeeds. The test-email UI now shows a clear "Test email sent via the fallback connection (X). The primary connection (Y) failed; the fallback recovered the send." message instead of misleading the user with the primary failure.
Suppressed the "WARNING: SMTP connection may not have completed properly" message when the active send path was API or PHP-Mail (it never applied to those modes; it was firing incorrectly).

1.0.11

Fixed cluttered display on the WordPress admin Plugins page. The Plugin Name: header is now the clean brand name "SendForce Mail Relay" (was the long SEO title), and the Description: header is a single-line summary instead of the full provider list. The long SEO title remains on the WordPress.org directory listing page for search visibility.

1.0.10

Added a UI control for the Developer Debug setting in Settings → Queue & Logging. Previously the value was honored by the mailer code but had no admin toggle.
Added a UI control for Max Retry Attempts (1–10) in the Email Queue section. Previously the queue read this value but there was no field to set it.
Hardened settings sanitization: the From Email field is now rejected with an admin notice when it isn't a valid email (instead of being silently truncated). Batch Size and Max Retry Attempts are now clamped to their valid ranges server-side.
Replaced every native dropdown with a fully-styled custom component. The open menu is now properly themed in the SendForce brand teal (animated panel, brand-color selected state, scroll-on-overflow, custom checkmark on the active item) instead of falling back to the OS-native menu that browsers refuse to style. Original elements are kept hidden in the DOM so form submission, "change" event listeners, and screen readers all keep working unchanged.
Full keyboard support on the new dropdown: ArrowUp/ArrowDown to navigate, Enter to select, Escape to close, click-outside to dismiss.
Default and Fallback connection selectors automatically refresh after adding or saving a connection (the styled UI gets the new option immediately, no page reload needed).
Polished form-control styling: cleaner chevron arrow, brand-teal focus ring, hover state on the arrow icon, and disabled state for inputs and selects. Edit row buttons now use the brand teal on hover (was indigo).

1.0.9

Tweaked the WordPress.org listing title to "SendForce Mail SMTP Relay — Free WP SMTP & Email API Plugin for Amazon SES, SendGrid, Mailgun, Brevo, Postmark, Zoho ZeptoMail & Gmail" so the SMTP keyword sits inside the brand cluster for better directory search matching. The internal product brand remains "SendForce Mail Relay" everywhere users see it (page titles, About page, alerts, email subjects).

1.0.8

New feature: Automatic fallback connection. The fallback dropdown in Settings → Connections is now wired to real send logic. When the primary connection's send fails, SendForce immediately retries via the configured fallback connection — works across any combination of API → API, API → SMTP, SMTP → API, SMTP → SMTP, or any → PHP mail.
The original failed attempt is still recorded in the Email Log; if the fallback succeeds, a second "sent" log row is created with a "Recovered via fallback connection" badge so you have a complete audit trail.
Refactored connection resolution into a shared merge_connection_into() helper; reduces duplication and makes the fallback path use the exact same config-merge rules as the primary.
Improved long-form Description in readme for better WordPress.org discoverability (added "Why SendForce", reorganized provider list by API vs SMTP, added "Works with all major WordPress plugins" section listing WooCommerce, Contact Form 7, WPForms, Gravity Forms, Elementor Forms, MemberPress, LearnDash, BuddyPress and more).

1.0.7

Updated the public plugin display name to "SendForce Mail SMTP — Free WP SMTP & API Plugin for Amazon SES, SendGrid, Mailgun, Brevo, Postmark, Zoho ZeptoMail & Gmail" so the WordPress.org search index correctly matches users looking for SMTP / API integrations with these specific providers. Internal slug, code, classes, and admin sidebar label are unchanged.
Rewrote the short description and Description: plugin header for better discoverability.
Refreshed the readme Tags to the highest-volume search terms in this category (smtp, wp smtp, email log, mailer, email api).
Polished the connection-row Edit / Delete buttons with dashicons, hover states, and proper destructive styling for the delete action.
Added sub-menu entries (Dashboard, Settings, Email Log, Email Queue, Email Test, Alerts) under the SF Mail Relay sidebar item, plus a submenu_file filter so the active tab is highlighted correctly when deep-linked.

1.0.6

Shortened the WordPress admin sidebar label from "SendForce Mail Relay" to "SF Mail Relay" so it fits on a single line. The full plugin name is preserved everywhere else (page title, dashboard widget, alerts, email subjects).
Added sub-menu entries under SF Mail Relay — Dashboard, Settings, Email Log, Email Queue, Email Test, Alerts — so each tab is reachable directly from the sidebar fly-out.

1.0.5

Removed an accidentally bundled macOS .DS_Store file from assets/images/providers/.
Added explicit phpcs:ignore annotations with rationale to four $wpdb queries in includes/class-sendforce-cli.php and includes/class-sendforce-sysinfo.php where the table name is interpolated from $wpdb->prefix plus a hardcoded literal (no user input).
Restructured the WP-CLI log delete --before query onto a single line so the existing phpcs:ignore directive correctly suppresses the InterpolatedNotPrepared warning on the prepared inner statement.

1.0.4

Updated bundled Chart.js from 4.4.0 to 4.5.0.
Rewrote the External Services section in readme.txt to fully document every email provider, notification channel, and bundled library — including SendLayer, MailerSend, Mailjet, Mandrill, Resend, Zoho ZeptoMail, Microsoft 365 Graph, Gmail API, Telegram, Pushover, Slack, Discord, Microsoft Teams, Google Chat, and Custom Webhook — with verified privacy and terms-of-service URLs for each.
Removed all inline <style> and <script> blocks from PHP output. Conflict-detection notice CSS and JS are now in dedicated assets/css/conflict-notice.css and assets/js/conflict-notice.js, properly enqueued via wp_enqueue_style/script. Alerts tab JS bootstrap data now uses wp_add_inline_script.
Surface the actual provider HTTP status and response body in the failure error so users can diagnose API errors instead of seeing only a generic "Failed to send" message.
Added a "Raw API request / response" panel to the Email Log detail modal — shows the captured (and secret-redacted) request/response from the last attempt.
Show masked dots (••••••••••••••••) as the placeholder for SMTP Password and API Key fields when a value is already saved, so the field no longer looks empty.
Hardened secret redaction: response bodies are now redacted (some providers echo the request payload back in errors); the redactor also handles malformed/non-JSON bodies via a regex fallback and includes client_secret in the secret-key list.
Defused CSV formula injection on log export and added the explicit fputcsv escape argument for PHP 8.1+.
Gated the on-load DB schema upgrade routine to admin / WP-CLI context only.
Added confirmation prompts to the destructive WP-CLI commands wp sendforce queue clear and wp sendforce log delete.

1.0.3

Added WP-CLI commands: wp sendforce test, wp sendforce queue process|stats|clear, wp sendforce log list|tail|delete|count, wp sendforce sysinfo.
Added developer hooks: sendforce_before_send, sendforce_after_send, sendforce_log_entry filter, sendforce_api_request, sendforce_api_response.
Added "Developer debug" setting to mirror SMTP and API debug output to debug.log (requires WP_DEBUG_LOG).
Added raw API request/response capture stored in a new debug_data log column (Authorization headers redacted).
Added Email Log export as CSV or JSON, honoring active filters.
Added "Copy Debug Info" button on the Email Test screen — generates a sanitized environment + settings snapshot with secrets stripped.
Replaced stale "SMTP-Manager" User-Agent on Resend API requests with "SendForce-Mail-Relay".
Added one-time DB upgrade routine to add the debug_data column on existing installs.

1.0.1

Fixed conflict detection banner not showing on all admin pages.
Fixed test email branding from "SMTPFlow" to "SendForce Mail Relay".
Added Microsoft 365 Graph API and Gmail API support.
Added 5 new providers: SendLayer, Mailjet, MailerSend, Mandrill, Resend.
Added Zoho ZeptoMail API support.
Added 3 new notification channels: Microsoft Teams, Google Chat, Custom Webhook.
Added SVG provider logos for all providers.
Added collapsible provider grid with smooth animation.
Fixed API mailer bugs: SendLayer field names, Pepipost endpoint, SparkPost CC, SES BCC, MailerSend Reply-To.
Added CC/BCC/Reply-To support to Elastic Email, SMTP2GO, SMTP.com, SocketLabs, Moosend, Pepipost.
Auto-set first connection as Default Connection.
Bundled Chart.js locally (removed CDN dependency).
Fixed all WordPress Plugin Check errors and warnings.
Renamed main plugin file to sendforce-mail-relay.php.

1.0.0

Initial release.
SMTP configuration with 18 provider presets and one-click setup.
HTTP API sending support for 12 providers (SendGrid, Mailgun, SES, Brevo, SparkPost, Postmark, Elastic Email, SMTP2GO, Pepipost, SMTP.com, SocketLabs, Moosend).
From name and email override for all outgoing WordPress emails.
Full email logging with keyword search, status filter, and date range filter.
Email queue with WP-Cron processing and exponential backoff retry.
Dedicated Email Test page with live SMTP debug log.
Encrypted password and API key storage (AES-256-CBC).
Auto log cleanup with configurable retention period.
Modern admin dashboard with connection status and 7-day send chart.

SendForce Mail SMTP Relay — Free WP SMTP & Email API Plugin for Amazon SES, SendGrid, Mailgun, Brevo, Postmark, Zoho ZeptoMail & Gmail

标签

下载

详情介绍:

安装:

屏幕截图:

升级注意事项:

常见问题:

更新日志: