How to check for mail function used in PHP scripts?

[pingo]

Could someone please tell me the command to find out which scripts/accounts uses the mail command in PHP (SSH).

Also, once located is it somehow possible to find out if a user spammes with mail() as it uses user nobody?

Thanks
John

cPanel.net Support Ticket Number:

[nickn]

We have been researching to find a way to control the use of php mail() more too, as spam is getting worse and worse.

cPanel.net Support Ticket Number:

[amard]

Hi,

You could always re-write the source code of the mail function to create a log. I can't think of any other way of doing it, unless you just disable the mail() function and make people use fsockopen for SMTP.


Rob

cPanel.net Support Ticket Number:

[andyf]

in your php.ini set

disable_functions = mail

.. which will stop the function being used.

or turn off user 'nobody' sending mail in the cpanel tweak settings (ofcourse this wont work if you use phpsuexec or cgi suexec).

cPanel.net Support Ticket Number:

[pingo]

Thanks for your responses. So it can be turned of in the ini file. I'm not sure, however, that would be a good idea. Lots of clients are using it and I would probably loose quite some customer - anyway, thanks for the tip. Maybe I'll use it some time.

John

cPanel.net Support Ticket Number:

[andyf]

phpsuexec (if you're prepared to run it) at least should allow you to ID which user is sending the mail rather than it all appearing as coming from 'nobody'.

cPanel.net Support Ticket Number:

[largolam]

The best solution would be to change php.ini, so instead of calling sendmail (exim) directly, php calls a wrapper function, which adds the Apache environment to the headers of the message that gets sent, including the avctual path to the php script, the website ServerName, etc, (and optionally logs, if one needs that too) and then passes the message to the MTA

Ive done this before, but the php setup on the cpanel servers seems to strip out the Apache environment before calling the "sendmail" function, and I havent figured out why.

cPanel.net Support Ticket Number:

[holymanjay]

You can disble the mail function, and compile a CGI version of PHP which you can allow users to use only when they need the mail function.

cPanel.net Support Ticket Number:

[largolam]

I dont want to disable the function.. I just want to insert a wrapper that will add useful headers in the mail that is sent, which would allow me to take those headers, and find the specific script that sent the mail.

Oh, and it should record the HTTP_REMOTE_ADDRESS in the headers too, so if someone is abusing the site we have a record of who.

Ive redesigned formmail so it does this, it would be real nice if I could insert a wrapper in between php and its call to 'sendmail', and have access to the Apache HTTP variables so I could do it there too.

My formmail mod also uses BSMTP rather than the hideous "-t" method but since php doesnt provide envelope information seperately from the headers it'd be a wash there.

cPanel.net Support Ticket Number:

[HostDime]

largolam - I'd be willing to pay you via Paypal if you help me with the code for creating a log.

cPanel.net Support Ticket Number: