From:             [EMAIL PROTECTED]
Operating system: ALL
PHP version:      4.2.3
PHP Bug Type:     Feature/Change Request
Bug description:  No way to identify source of email sent by mail()

The problem is that when any user sends email message from php script it
always comes from ,,http'' (or whatever) user.

There is no way to identify which script was used to send some mail. User
sets all headers as he wants ;/ Sender is http@fqdn.

On my systems users have a lot of php scripts and spammers use them to
spam through my server! Identifying which script was used is quite
problematic when there are tons of scripts. php currently doesn't give any
information about which script was that - there is no usefull enviroment
variables, there is no additional mail headers, working directory when
calling sendmail is ,,/'' so I can't even do pwd to identify directory
with php script.

I'm suggesting adding way to identify source script. I thing about two
ways of doing this:
1) set enviroment variable SCRIPT_FILENAME with same value as in php (and
other variables) before executing sendmail so It would be possible to
setup wrapper instead of sendmail and do whatever you want.
2) add option to php.ini like sendmail_id_header = yes|no
that would cause adding some header to message like X-PHP-Script-Filename:
/home/something/blah.php
or even sendmail_id_header = name of php variable
(that would cause to add X-Name-Of-PHP-Variable: it's value to mail
message).
Second is better because it works with SMTP, too.

Opinions?


-- 
Edit bug report at http://bugs.php.net/?id=19538&edit=1
-- 
Try a CVS snapshot:  http://bugs.php.net/fix.php?id=19538&r=trysnapshot
Fixed in CVS:        http://bugs.php.net/fix.php?id=19538&r=fixedcvs
Fixed in release:    http://bugs.php.net/fix.php?id=19538&r=alreadyfixed
Need backtrace:      http://bugs.php.net/fix.php?id=19538&r=needtrace
Try newer version:   http://bugs.php.net/fix.php?id=19538&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=19538&r=support
Expected behavior:   http://bugs.php.net/fix.php?id=19538&r=notwrong
Not enough info:     http://bugs.php.net/fix.php?id=19538&r=notenoughinfo
Submitted twice:     http://bugs.php.net/fix.php?id=19538&r=submittedtwice
register_globals:    http://bugs.php.net/fix.php?id=19538&r=globals

Reply via email to