Hi,
Sort of mailing this in as the result of the rantings of quite a few
mates of mine who look after shared hosting boxes.
Would it be acceptable to do up a patch for the mail() function which'll
listen to an ini entry[0] for a logfile to log all mail sent using this
function.
Basically, the reasoning boils down to when some naive user writes a
little bit of a bad script then somebody exploits that nasty script,
there's no way to tell which virtualhost has sent which mail and to whom.
The format I'm thinking of is:
[timestamp] [http_host] [script] [subject] [from]
If I could work out a way to do this as a pecl module, I'd be more than
happy to, but I can't see such a way - If anybody can point me in the
right direction here though, please shout.
I'm more than happy to draft up a patch for this rather than just
talking about it, and I do feel it's an important issue - not least in
order to kill a certain amount of the FUD that I hear about php on this
issue.
[0] I know, ini entries bad - but for this purpose, justified I feel.
I'd like to do two: mail_log = bool & mail_logfile = string.
Opinions? Good or bad? Should I go ahead with doing up a patch or not ?
Cheers.
--
Gareth Ardron
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
