Hello,
without any patch you can modify the "sendmail_path" parameter and add
what you want no ?
With mod_php I use this in my virtualhosts :
php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f
[EMAIL PROTECTED]"
An with CGI module, we already have the username.
It should be enough to identify which member is involved ; no ?
Olivier
Paul van Brouwershaven a écrit :
Hi All,
I'm working for an hosting company, we have a lot of PHP users and see
regularly that one of the scripts from our users is hacked. Result?, a
lot of spam on the net, and a lot of work the find the spamming
scripts on the servers.
If you have a PHP script that sends mail, the recipient of the mail
message will only see which server it was sent from. There will
normally be no record of who originated the message, or which script
on the server actually caused it to be sent. This can make it
difficult to trace misuse, even if you have comprehensive mail and
webserver logs.
I think it should be usefull to add the "PHP mail() header patch" from
Steve Bennett in safemode by default.
The header could be in the form:
X-PHP-Script: <servername><php-self> for <remote-addr>
For example:
X-PHP-Script: www.example.com/~user/testapp/send-mail.php for
10.0.0.1
The patch can be found at:
http://www.lancs.ac.uk/~steveb/patches/php-mail-header-patch/
Best Regards,
Paul van Brouwershaven
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
