Re: [PHP-DEV] PHP mail() header patch for SafeMode
Daevel wrote: Hello, without any patch you can modify the sendmail_path parameter and add what you want no ? With mod_php I use this in my virtualhosts : php_admin_value sendmail_path /usr/sbin/sendmail -t -i -f [EMAIL PROTECTED] Yes, I have done this.. but now is the question where is the spamming script? An with CGI module, we already have the username. It should be enough to identify which member is involved ; no ? Yes, but not to identify which the script -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DEV] PHP mail() header patch for SafeMode
Hi All, I'm working for an hosting company, we have a lot of PHP users and see regularly that one of the scripts from our users is hacked. Result?, a lot of spam on the net, and a lot of work the find the spamming scripts on the servers. If you have a PHP script that sends mail, the recipient of the mail message will only see which server it was sent from. There will normally be no record of who originated the message, or which script on the server actually caused it to be sent. This can make it difficult to trace misuse, even if you have comprehensive mail and webserver logs. I think it should be usefull to add the PHP mail() header patch from Steve Bennett in safemode by default. The header could be in the form: X-PHP-Script: servernamephp-self for remote-addr For example: X-PHP-Script: www.example.com/~user/testapp/send-mail.php for 10.0.0.1 The patch can be found at: http://www.lancs.ac.uk/~steveb/patches/php-mail-header-patch/ Best Regards, Paul van Brouwershaven -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] PHP mail() header patch for SafeMode
Hey, Paul van Brouwershaven wrote: I think it should be usefull to add the PHP mail() header patch from Steve Bennett in safemode by default. I wonder how this would go along with: http://www.php.net/~derick/meeting-notes.html#safe-mode I don't know if this still applies, it's from 2005 ... - Markus -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] PHP mail() header patch for SafeMode
Hi Paul, Am Montag, den 18.02.2008, 12:06 +0100 schrieb Paul van Brouwershaven: [...] I think it should be usefull to add the PHP mail() header patch from Steve Bennett in safemode by default. As safemode is going to be (finally!) removed in PHP 6, I would propose not to make this dependent on safe-mode. I would rather allow this feature to be enabled separetely in the php.ini. Something like mail.extra_log_header (not the perfect name, I know) would work. [...] cu, Lars signature.asc Description: Dies ist ein digital signierter Nachrichtenteil
Re: [PHP-DEV] PHP mail() header patch for SafeMode
2008/2/18, Paul van Brouwershaven [EMAIL PROTECTED]: Enabling it from the php.ini would also be a good option, the main point is to get some help with tracking the spam source in a shared hosted environment. IIRC Ilia had a better patch for this, I dont know why it hasnt been merged into PHP core. -- http://www.cristianrodriguez.net -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] PHP mail() header patch for SafeMode
Lukas Kahwe Smith wrote: Are you aware of the following: http://ilia.ws/archives/149-mail-logging-for-PHP.html The idea is the same, but why is this not in the core? -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] PHP mail() header patch for SafeMode
On 18.02.2008, at 15:04, Paul van Brouwershaven wrote: Hi Lars Markus, Lars Strojny wrote: As safemode is going to be (finally!) removed in PHP 6, I would propose not to make this dependent on safe-mode. I would rather allow this feature to be enabled separetely in the php.ini. Something like mail.extra_log_header (not the perfect name, I know) would work. [...] Enabling it from the php.ini would also be a good option, the main point is to get some help with tracking the spam source in a shared hosted environment. Are you aware of the following: http://ilia.ws/archives/149-mail-logging-for-PHP.html regards, Lukas -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] PHP mail() header patch for SafeMode
Hi Lars Markus, Lars Strojny wrote: As safemode is going to be (finally!) removed in PHP 6, I would propose not to make this dependent on safe-mode. I would rather allow this feature to be enabled separetely in the php.ini. Something like mail.extra_log_header (not the perfect name, I know) would work. [...] Enabling it from the php.ini would also be a good option, the main point is to get some help with tracking the spam source in a shared hosted environment. -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php