Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

cPanel Admin please read! - httpd.conf modification to prevent spam from php mail()

Discussion in 'E-mail Discussion' started by hostultra, Apr 13, 2004.

  1. hostultra

    hostultra Well-Known Member

    Joined:
    Aug 21, 2002
    Messages:
    167
    Likes Received:
    0
    Trophy Points:
    166
    Often you will see spam or abuse of the php mail function which is very hard to trace due to the mail being sent by 'nobody'.
    I know you can disable nobody from sending mail, but that prevents php mail from working altogether.
    With this simple modification of the httpd.conf you can see who sent the mails:

    php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -r USERNAME"

    You need to put that in each users virtualhost, and change USERNAME to the actual username.
    This causes the return address to become USERNAME@yourserver.com which can be used to track who sent the mail.
    Hopefully cpanel can consider this for the next release, or make it an option like open_basedir
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #1 hostultra, Apr 13, 2004
    Last edited: Apr 13, 2004
  2. elleryjh

    elleryjh Well-Known Member

    Joined:
    Apr 12, 2003
    Messages:
    479
    Likes Received:
    0
    Trophy Points:
    166
    that's a good idea, but not necessary when using phpsuexec
     
  3. internethosting

    internethosting Well-Known Member

    Joined:
    Aug 18, 2003
    Messages:
    68
    Likes Received:
    0
    Trophy Points:
    156
    I love this!.. Can Cpanel put together a little script we can run to have this added to the httpd.conf automatically.???
     
  4. jamesbond

    jamesbond Well-Known Member

    Joined:
    Oct 9, 2002
    Messages:
    738
    Likes Received:
    1
    Trophy Points:
    168
    I hope they will, I don't think it will be much work as it is basically the same logic as the open_basedir feature.
     
  5. hostultra

    hostultra Well-Known Member

    Joined:
    Aug 21, 2002
    Messages:
    167
    Likes Received:
    0
    Trophy Points:
    166
    One thing i forgot to mention:

    For this to work at all you need to goto Exim Configuration Editor advanced mode and in the first large edit box put in this line

    trusted_users = nobody

    All trusted users does is allow the nobody user to use the -r option to set the sender on the command line. This MAY cause future annoyances if you allow the php exec and system functions.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. richy

    richy Well-Known Member

    Joined:
    Jun 30, 2003
    Messages:
    276
    Likes Received:
    1
    Trophy Points:
    168
  7. MichaelShanks

    MichaelShanks Well-Known Member
    PartnerNOC

    Joined:
    Aug 20, 2001
    Messages:
    104
    Likes Received:
    0
    Trophy Points:
    316
    I see this issue has not been addressed, I am of the opinion that this should at least have a cpanel developer look into it, it is a relatively simple modifcation that can be made to the /scripts/initsuexec script,
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. Website Rob

    Website Rob Well-Known Member

    Joined:
    Mar 23, 2002
    Messages:
    1,504
    Likes Received:
    1
    Trophy Points:
    318
    Location:
    Alberta, Canada
    cPanel Access Level:
    Root Administrator
    My vote made it 10 now in total. Wonder how many votes it takes to get something included?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. richy

    richy Well-Known Member

    Joined:
    Jun 30, 2003
    Messages:
    276
    Likes Received:
    1
    Trophy Points:
    168
    13 votes now, but at 2004-04-29 14:56:45 Nick@Cpanel did assign it to depend on bug #128 ("cPanel 9.4 TODO"), so hopefully it'll be coming shortly...
     
  10. cPanelNick

    cPanelNick Administrator
    Staff Member

    Joined:
    Mar 9, 2015
    Messages:
    3,480
    Likes Received:
    30
    Trophy Points:
    158
    cPanel Access Level:
    DataCenter Provider
    This will not be done because it opens up a security hole to make it happen. Please read the bugzilla bug report for more information.
     
  11. AP

    AP Well-Known Member

    Joined:
    Nov 5, 2002
    Messages:
    85
    Likes Received:
    0
    Trophy Points:
    156
    hee hee:D
     
  12. hostultra

    hostultra Well-Known Member

    Joined:
    Aug 21, 2002
    Messages:
    167
    Likes Received:
    0
    Trophy Points:
    166
    Here is a better way which does not make a security hole:

    Upload the following as /usr/sbin/phpsendmail and chmod 755

    Code:
    #!/usr/bin/perl
    
    $/ = null;
    $input = <STDIN>;
    
    open (MAIL, "|/usr/sbin/sendmail -t -i");
    print MAIL qq~X-PHP-SENDER: $ARGV[0]
    $input~;
    close(MAIL);
    
    
    Edit /scripts/phpopenbasectl
    Change line 71 to:

    print HC "<IfModule mod_php4.c>\nphp_admin_value open_basedir \"${homedir}/:/usr/lib/php:/usr/local/lib/php:/tmp\"\nphp_admin_value sendmail_path \"/usr/sbin/phpsendmail $owner\"\n</IfModule>\n";

    chattr +i /scripts/phpopenbasectl
    Goto WHM and rebuild the php open basedir
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  13. Sheldon

    Sheldon Well-Known Member

    Joined:
    Jun 7, 2004
    Messages:
    378
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    Canada
    someone add this to the cpanel bugzilla!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  14. gorilla

    gorilla Well-Known Member

    Joined:
    Feb 3, 2004
    Messages:
    695
    Likes Received:
    1
    Trophy Points:
    168
    Location:
    Sydney / Australia
    This is what GrandMaster J. Nick Koston had to say to this Idea
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  15. Sheldon

    Sheldon Well-Known Member

    Joined:
    Jun 7, 2004
    Messages:
    378
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    Canada
    yes but if you read the above post, youd realise he made a new version one that doesnt have that hole :P
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice