The originating PHP script header helps people who run shared servers
track down the source of problematic mail. The two most common cases are:
- A contact form with poor security and the option to send a copy to the
"commenter". Hackers find these and flood them.
- A completely compromised site with some mailer script buried down in a
folder that shouldn't have code (typically some image path).
Both give a quick indication of which account needs to be suspended and
what the best course for remediation should be from there.
In cPanel, the X-OutGoing-Spam-Status header is generated by hosts who
run SpamAssassin on outbound mail. As it's easily forged it's kind of
useless on the receiving side (and until a few months back was actually
scoring 0.2 on incoming) but it's generated by cPanel with no option to
disable it. It might also serve as a useful diagnostic for hosts trying
to figure out how the heck an obvious spam message managed to get sent:
if it's not there, then the message was sent by a nonstandard MTA.
On 2021-09-08 18:40, Bert Van de Poel wrote:
By default any PHP script that's sending an email will contain
X-PHP-Originating-Script on several Linux distros, even though it's
not the official default (see
https://www.php.net/manual/en/mail.configuration.php , one of the
first Google results). It's a pretty common occurrence to see that
header in automated emails of all kinds (e.g. registration
confirmation emails, notifications, login link emails). Alone it's a
sign of spam nor ham, but combined with other things it can be
interesting. The others don't ring a bell for me.
Bert
On 8/09/2021 23:27, Loren Wilton wrote:
I'm getting a lot of mails with some very curious headers in them.
I tried searching with Google, and it has never heard of many of
these strings.
Does anyone recognize what might be generating these headers?
X-EOPTenantAttributedMessage
X-EmailAdvisor
X-Mxtb-Transitionid
X-MG-Subscriptionuid
X-PHP-Originating-Script
X-EmailTransmit-type
CMM-X-SID-Result
CMM-X-AUTH-Result
CMM-X-Message-Status
X-OutGoing-Spam-Status
X-EmailTransmit-aid
X-rext
Thanks!
Loren
---
This email has been checked for viruses by AVG.
https://www.avg.com
--
For SpamAsassin Users List