Re: [PHP] mail() on *nix using ssmtp or an external smtp server?
I've been trying further to get ssmtp working with apache/php in a chrooted envrionment and have had some success on Linux, so I'm sharing it with everyone else. I've also come to understand quite well how the mail() function is implemented in php too, and actually it's quite simple. All directories that I speak of below are relative to the new root directory in the chrooted environment. First thing is ssmtp expects to find its config files in /etc/ssmtp/, so that needs to be created inside the chrooted environment. The real killer for this whole thing however, and seemingly where everything was falling over, is that I had to put ssmtp in the /usr/sbin/ directory. For reasons that totally illude me, if ssmtp is in the /bin directory or anywhere else, mail() fails!?!?! The php.ini file needs to be in the usual /usr/local/lib/ location, and the sendmail parameter in the php.ini file needs to be set to /usr/sbin/ssmtp -t. Do not try any other flags, otherwise mail() fails. The attempts I've made today have brought results and are reproducible. This also works in a normal (that is not chrooted) environment. The demanded location of the ssmtp binary is by far the most bizarre thing I have had in this whole exercise, and I would appreciate it if someone else might be able to take the time to confirm my findings. What I also don't understand is that if I have ssmtp in the /bin directory (or anywhere else for that matter) and invoke it from the command line in a chrooted environment, it works happily. It also worked happily when I wrote my own short C program that emulated what is done in the PHP mail delivery procedures. For what ever reason, it just refused to work through PHP if it was anywhere other than /usr/sbin/ssmtp. So ssmtp in a chrooted environment, provided it's in /usr/sbin/, works well on a Linux box, but on AIX machines, it still fails completely and I don't yet know why. As I have done this time, if I have any success, I will post to the list so other people can know. If anyone else has some success with this on AIX, I would greatly appreciate knowing about it. best regards Markus -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mail() on *nix using ssmtp or an external smtp server?
Just an addennum to my previous post 10 minutes ago: For ssmtp to work with apache/php in a chrooted environment, some kind of shell needs to be present in the /bin directory. This seems to be a limitation of PHP rather than some kind of deficiency with ssmtp. This in itself is a kind of security risk since one of the main reasons of putting things in a chrooted jail is to minimise as much as possible the scope for an attacker to do anything if they do make it into the machine. best regards Markus -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mail() on *nix using ssmtp or an external smtp server?
Hi Markus, Markus Mayer wrote: [MTA in chroot()'d env] Yes, I'm afraid it requires an MTA. Maybe it's a risk, but unsing PHP (or general non-static webpages) generally is a potential security risk # Dan Bernstein, the author of qmail will pay you 1000$ if you exploit qmail. The offer stands since 1999. The money's still there, so it is a limited risk to install qmail in that environment. (If I found a way, I'd try; 1000$ is a lot beer and barbeque-stuff#) I don't know how sensible security aspects are on your site, but for my needs it has always been safe enough. If you ever read through the sources you might have seen, that Dan kept an eye on very many aspects how software can be exploited and avoided all he could think of, even those he couldn't imagine being abused. (Actually, it taught me a lot on programming in general and on C in special) Regarding a function that may override the internal mail()-function: I'm not sure, but I think php's mail() just invokes the internal routine to queue mails in the local mta. Errorhandling in only performed in reading exit-status of sendmail -t -i... sending mails directly is nontrivial in php, because you'll have to read the mx-record... sending mails through an externel mta seems to me to have 2 stepping-stones: 1st Whatdayado if for any reason the external server is down only for 3 seconds? 2ndly It will slow down your script. It's not just forking a process, it's open a network connections, wait for the end to response, do a lot of protocol stuff etcetc But the idea of running a webserver chroot()'d sound so sweet to me, I'm going to check this out as soon as I have time for playing around a bit.# best regards Markus Have fun Stephan -- np: Grauzone - Wütendes Glas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] mail() on *nix using ssmtp or an external smtp server?
Hello all! I have a frustrating problem with PHP and am hoping someone on the list might know a solution. I need to set up an apache server with php on Linux and AIX machines, and it all has to be in a chrooted environment. Most things work very well except for the mail() function. It appears that PHP on *nix systems is hard coded so that it is incapable of using an external smtp server instead needing a locally installed sendmail, however if php is built on a windows machine, it is hardcoded so it can only use an external smtp server. There seems to be no way around this. In terms of the design of PHP, I think this is a serrious error. As a result of the above problem, I have been looking for alternatives to sendmail, postfix, exim, and qmail because I need to not have any kind of full featured MTA in the chrooted environment. I found ssmtp[1] and esmtp[2], both of which would be satisfatory alternatives to sendmail and crew. Despite having both of these working from the command line in the chrooted environment, neither works with PHP when setting them with the sendmail_path option in php.ini. So my questions: - Does anyone know of a way to make PHP on *nix use an external smtp server without having to hack around in the source code of PHP? - Has anyone got either ssmtp or esmtp working with PHP? I would greatly appreciate if someone could offer a solution to me. best reagrds Markus [1]. http://packages.debian.org/stable/mail/ssmtp.html [2]. http://esmtp.sourceforge.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mail() on *nix using ssmtp or an external smtp server?
Hi Markus, do I get you right, you can't invoke mail() because php can't find the sendmail executable? perhaps this does the trick: function my_mail_inject($mail) { $sendmail = ini_get(sendmail_path); if(!$sendmail) $sendmail = /var/qmail/bin/qmail-inject; $p = popen($sendmail, w); if($p) { fwrite($p, $mail); pclose($p); return 1; } return 0; } (this is something I acutally use on a beta-production-system.) $mail must contain a complete mail with all necessary headers. qmail-inject is ~ equal to sendmail -t (-i is ignored in qmail's sendmail.) this solution also helpep me out of my dilemma that php reformats mail and adds extra headers and so on. Here I have full control over all headers :o) Hope you see your qmail installation in chroot'd env. else: good luck. I know it's not an external mta to deliver. If this does not help you at all have a look at the sources and hack 'em 'till they fit your needs # Ste'reinvent the wheel'phan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mail() on *nix using ssmtp or an external smtp server?
Hi Stephan, On Monday 16 August 2004 15:16, Stephan Fiedler wrote: do I get you right, you can't invoke mail() because php can't find the sendmail executable? Indeed you get me right. As I said in my post, alternatives such as qmail, exim, postfix and similar full featured MTA's in the chrooted environment are considered not acceptable because of the extra security risk in the case of a system compromise. I have to minimise as much as possible the scope for damage in case there is some kind of compromise. Your script is nice, but seems to rely on a full MTA inside the chrooted environment which I can't have. I tried something similar where I opened sockets on the external smtp server and wrote the mail into the socket, and this worked. The main problem with this is every script that uses a mail() function call has to be changed, and given that there are a lot of people who have and are supposed to be allowed to write such scripts on the servers, it's far from an ideal solution, and difficult to make those people use such a script. Second problem is I have to be able to handle failures in delivery, meaning implementing at least part of the smtp standard in a php script. It's all rather messy. If this does not help you at all have a look at the sources and hack 'em 'till they fit your needs # I've been worried about this kind of answer. Best, and I think quite a sensible step, would be if the PHP team changed the design of PHP and allowed *nix systems to use an external smtp server. best regards Markus -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php