On Wed, Mar 3, 2010 at 4:57 PM, Aaron Cooper <[email protected]> wrote:
> The trouble is, your concern also comes from other indirect security > problems, from the applications they use to directory permissions. Not just > forms your customers use/write. > > Did you come across this at all? > http://www.howtoforge.com/how-to-log-emails-sent-with-phps-mail-function-to-detect-form-spam > Thanks for the replies guys.. logging the php via the environment vars is perfect and something we didnt think of. We already have a perl sendmail_path script that uses smtp to send the mail via our smtp server setting the return-path correctly (so its not www-d...@webserver1 etc).. so we will alter the above PHP script to use PEAR to send the mail via our SMTP server, as well as use Richards suggestion to check a blacklist and some other bits and pieces. Thanks again! Simon -- NZ PHP Users Group: http://groups.google.com/group/nzphpug To post, send email to [email protected] To unsubscribe, send email to [email protected]
