The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How to check for mail function used in PHP scripts?

Discussion in 'E-mail Discussions' started by pingo, Aug 4, 2003.

  1. pingo

    pingo Well-Known Member

    Joined:
    Nov 16, 2002
    Messages:
    430
    Likes Received:
    0
    Trophy Points:
    16
    Could someone please tell me the command to find out which scripts/accounts uses the mail command in PHP (SSH).

    Also, once located is it somehow possible to find out if a user spammes with mail() as it uses user nobody?

    Thanks
    John

    cPanel.net Support Ticket Number:
     
  2. nickn

    nickn Well-Known Member
    PartnerNOC

    Joined:
    Jun 15, 2003
    Messages:
    619
    Likes Received:
    1
    Trophy Points:
    18
    We have been researching to find a way to control the use of php mail() more too, as spam is getting worse and worse.

    cPanel.net Support Ticket Number:
     
  3. amard

    amard Well-Known Member

    Joined:
    Jan 18, 2003
    Messages:
    100
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Herts, UK
    Hi,

    You could always re-write the source code of the mail function to create a log. I can't think of any other way of doing it, unless you just disable the mail() function and make people use fsockopen for SMTP.


    Rob

    cPanel.net Support Ticket Number:
     
  4. andyf

    andyf Well-Known Member

    Joined:
    Jan 7, 2002
    Messages:
    246
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    UK
    in your php.ini set

    disable_functions = mail

    .. which will stop the function being used.

    or turn off user 'nobody' sending mail in the cpanel tweak settings (ofcourse this wont work if you use phpsuexec or cgi suexec).

    cPanel.net Support Ticket Number:
     
  5. pingo

    pingo Well-Known Member

    Joined:
    Nov 16, 2002
    Messages:
    430
    Likes Received:
    0
    Trophy Points:
    16
    Thanks for your responses. So it can be turned of in the ini file. I'm not sure, however, that would be a good idea. Lots of clients are using it and I would probably loose quite some customer :) - anyway, thanks for the tip. Maybe I'll use it some time.

    John

    cPanel.net Support Ticket Number:
     
  6. andyf

    andyf Well-Known Member

    Joined:
    Jan 7, 2002
    Messages:
    246
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    UK
    phpsuexec (if you're prepared to run it) at least should allow you to ID which user is sending the mail rather than it all appearing as coming from 'nobody'.

    cPanel.net Support Ticket Number:
     
  7. largolam

    largolam Active Member

    Joined:
    May 16, 2003
    Messages:
    36
    Likes Received:
    0
    Trophy Points:
    6
    php mail()

    The best solution would be to change php.ini, so instead of calling sendmail (exim) directly, php calls a wrapper function, which adds the Apache environment to the headers of the message that gets sent, including the avctual path to the php script, the website ServerName, etc, (and optionally logs, if one needs that too) and then passes the message to the MTA

    Ive done this before, but the php setup on the cpanel servers seems to strip out the Apache environment before calling the "sendmail" function, and I havent figured out why.

    cPanel.net Support Ticket Number:
     
  8. holymanjay

    holymanjay Member

    Joined:
    Oct 11, 2002
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    You can disble the mail function, and compile a CGI version of PHP which you can allow users to use only when they need the mail function.

    cPanel.net Support Ticket Number:
     
  9. largolam

    largolam Active Member

    Joined:
    May 16, 2003
    Messages:
    36
    Likes Received:
    0
    Trophy Points:
    6
    I dont want to disable the function.. I just want to insert a wrapper that will add useful headers in the mail that is sent, which would allow me to take those headers, and find the specific script that sent the mail.

    Oh, and it should record the HTTP_REMOTE_ADDRESS in the headers too, so if someone is abusing the site we have a record of who.

    Ive redesigned formmail so it does this, it would be real nice if I could insert a wrapper in between php and its call to 'sendmail', and have access to the Apache HTTP variables so I could do it there too.

    My formmail mod also uses BSMTP rather than the hideous "-t" method but since php doesnt provide envelope information seperately from the headers it'd be a wash there.

    cPanel.net Support Ticket Number:
     
  10. HostDime

    HostDime Well-Known Member
    PartnerNOC

    Joined:
    Mar 15, 2003
    Messages:
    81
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Orlando, Florida
    largolam - I'd be willing to pay you via Paypal if you help me with the code for creating a log.

    cPanel.net Support Ticket Number:
     
Loading...

Share This Page