
cPanel Admin please read! - httpd.conf modification to prevent spam from php mail()

Discussion in 'E-mail Discussions' started by hostultra, Apr 13, 2004.

  1. hostultra

    hostultra Well-Known Member

    Often you will see spam or abuse of the php mail function which is very hard to trace due to the mail being sent by 'nobody'.
    I know you can disable nobody from sending mail, but that prevents php mail from working altogether.
    With this simple modification of the httpd.conf you can see who sent the mails:

    php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -r USERNAME"

    You need to put that in each user's virtualhost, and change USERNAME to the actual username.
    This causes the return address to become USERNAME@yourserver.com which can be used to track who sent the mail.
    Hopefully cPanel can consider this for the next release, or make it an option like open_basedir.
     
    #1 hostultra, Apr 13, 2004
    Last edited: Apr 13, 2004
  2. elleryjh

    elleryjh Well-Known Member

    That's a good idea, but not necessary when using phpsuexec.
     
  3. internethosting

    internethosting Well-Known Member

    I love this! Can cPanel put together a little script we can run to have this added to the httpd.conf automatically?
     
  4. jamesbond

    jamesbond Well-Known Member

    I hope they will, I don't think it will be much work as it is basically the same logic as the open_basedir feature.
     
  5. hostultra

    hostultra Well-Known Member

    One thing I forgot to mention:

    For this to work at all you need to go to Exim Configuration Editor advanced mode and in the first large edit box put in this line:

    trusted_users = nobody

    All trusted users does is allow the nobody user to use the -r option to set the sender on the command line. This MAY cause future annoyances if you allow the php exec and system functions.
     
  6. richy

    richy Well-Known Member

  7. MichaelShanks

    MichaelShanks Well-Known Member
    PartnerNOC

    I see this issue has not been addressed, I am of the opinion that this should at least have a cPanel developer look into it, it is a relatively simple modification that can be made to the /scripts/initsuexec script,
     
  8. Website Rob

    Website Rob Well-Known Member

    My vote made it 10 now in total. Wonder how many votes it takes to get something included?
     
  9. richy

    richy Well-Known Member

    13 votes now, but at 2004-04-29 14:56:45 Nick@Cpanel did assign it to depend on bug #128 ("cPanel 9.4 TODO"), so hopefully it'll be coming shortly...
     
  10. cPanelNick

    cPanelNick Administrator
    Staff Member

    This will not be done because it opens up a security hole to make it happen. Please read the bugzilla bug report for more information.
     
  11. AP

    AP Well-Known Member

    hee hee:D
     
  12. hostultra

    hostultra Well-Known Member

    Here is a better way which does not make a security hole:

    Upload the following as /usr/sbin/phpsendmail and chmod 755

    Code:
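    #!/usr/bin/perl
    use strict;
    use warnings;

    # Unset the input record separator so <STDIN> returns the whole message.
    undef $/;
    my $input = <STDIN>;

    # Pipe the message to the real sendmail, prefixed with a header naming the
    # account (first argument, set per virtualhost through sendmail_path).
    open(my $mail, '|-', '/usr/sbin/sendmail', '-t', '-i') or die "cannot run sendmail: $!";
    print {$mail} "X-PHP-SENDER: $ARGV[0]\n$input";
    close($mail) or die "sendmail exited with an error: $?";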
    
    
    Edit /scripts/phpopenbasectl
    Change line 71 to:

    print HC "<IfModule mod_php4.c>\nphp_admin_value open_basedir \"${homedir}/:/usr/lib/php:/usr/local/lib/php:/tmp\"\nphp_admin_value sendmail_path \"/usr/sbin/phpsendmail $owner\"\n</IfModule>\n";

    chattr +i /scripts/phpopenbasectl
    Go to WHM and rebuild the php open basedir
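
One way to use the X-PHP-SENDER header that the wrapper in the post above adds, as an added example that is not part of the original thread: tally mail per account from raw messages and flag any message carrying more than one such header, since only the first one (written by the wrapper ahead of whatever PHP supplied) can be trusted. The sample messages, account names and addresses are constructed.

```python
from collections import Counter
from email import message_from_string

HEADER = "X-PHP-SENDER"  # header name used by the phpsendmail wrapper in the post above


def _msg(*headers, body="test body"):
    """Build a raw RFC 822 message from header lines (for the constructed samples)."""
    return "\n".join(headers) + "\n\n" + body + "\n"


# Constructed sample messages; accounts and addresses are made up.
SAMPLES = [
    _msg("Received: from nobody by host.example.test", "X-PHP-SENDER: alice",
         "To: customer@example.test", "Subject: Your order"),
    # A second tag arrived in the PHP-supplied headers, below the wrapper's own.
    _msg("Received: from nobody by host.example.test", "X-PHP-SENDER: mallory",
         "To: someone@example.test", "Subject: hi", "X-PHP-SENDER: alice"),
    _msg("X-PHP-SENDER: mallory", "To: other@example.test", "Subject: hi again"),
    # Not sent through the wrapper at all (e.g. a cron job).
    _msg("To: root@example.test", "Subject: cron report"),
]


def attribute(raw):
    """Return (account, extra_tags) for one raw message.

    The wrapper prints its header before anything PHP wrote, so only the
    first occurrence is trusted; any later one came from the script itself.
    """
    values = message_from_string(raw).get_all(HEADER, [])
    if not values:
        return None, 0
    return values[0].strip(), len(values) - 1


def tally(messages):
    """Count messages per account and list those carrying extra tags."""
    counts, suspicious = Counter(), []
    for index, raw in enumerate(messages):
        account, extra = attribute(raw)
        counts[account or "(untagged)"] += 1
        if extra:
            suspicious.append((index, account))
    return counts, suspicious


if __name__ == "__main__":
    counts, suspicious = tally(SAMPLES)
    print(counts.most_common(), suspicious)
```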
     
  13. Sheldon

    Sheldon Well-Known Member

    Someone add this to the cPanel Bugzilla!
     
  14. gorilla

    gorilla Well-Known Member

    This is what GrandMaster J. Nick Koston had to say to this Idea
     
  15. Sheldon

    Sheldon Well-Known Member

    Yes, but if you read the above post, you'd realise he made a new version, one that doesn't have that hole :P
     