On Sun, Aug 13, 2006 at 04:31:55PM +0200, Phil Pennock wrote: > On an Exim receive (<=) line, the ability to log the value of a > specified environment variable. > > Rationale: PHP webhosting, which on Unix uses "sendmail" for submission, > rather than talking SMTP, so the web-server's environment variables will > be visible (by hook or by crook). So if I can log the $REQUEST_URI in > _Exim_'s logs, it should become *much* easier to track down the page > which is being abused by spammers. Sometimes, with large badly-written > PHP applications it can be difficult to tell from the web-server logs > where the hole is.
This may or may not be any use to you; I tried this on a test box and it
worked for me:
perl_startup = sub return_env { return $ENV{$_[0]} }
acl_not_smtp:
accept
logwrite = FOO=${perl{return_env}{FOO}}
add_header = X-CGI-Env: FOO=${perl{return_env}{FOO}}
On our older web hosting box we had /usr/sbin/sendmail as a wrapper script
which injected extra headers (based on REQUEST_URI etc) before running the
real MTA. However in light of your email, and my quick test above, I think I
might find a better way of doing it on our newer web hosts :-)
Good luck tidying up after the PHP wannabes.
--
Dave Evans
Power Internet
PGP key: http://powernet.co.uk/~davide/pgpkey
signature.asc
Description: Digital signature
-- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
