[request] php mail header

D

Dixiesys

Verified User
Joined
Aug 2, 2003
Messages
123
Location
The South
It is VERY hard to track down php spamming with Directadmin and if you added the php mail header patch it would GREATLY help in tracking down spamming from abused php scripts.

http://choon.net/php-mail-header.php

Isn't choon a member of the DA forums? Maybe he could whip up a quick and easy way to do this for DA?? Please, pretty please?
 
I successfully added this to the build file, it was 2 lines and very easy:

a few lines past the doPhp() { line I added these two lines right after echo "Done.";

Code: 
        wget [url]http://choon.net/opensource/php/php-[/url]${PHP_VER}-mail-header.patch
        patch -p0 < php-${PHP_VER}-mail-header.patch

Now any email sent via php has a new line in the header like so:
Code: 
X-PHP-Script:  da29.awesomedns.com/testemail.php for 66.48.160.209

This was a VERY quick and painless addin to the build file - in the interests of tracking spam and abused formmailers I'd HIGHLY encourage seeing this added to the default php build system.
 
So, add mail headers php patch would be added to standart phpbuild? When it be added?
Or can I add this patch custom, what? I need exactly detailed guide.

Best Regards,

eSupport TEAM.
 
GXX said:
Read Gary's post above, can't be any more detailed than that.
Click to expand...
Actually it could. What build file is he talking about? And what are the commands to rebuild after you change the line?
 
Gary's method need editing to DA's build script. Here is another method which we make use of unpacking the php source, patch it then tar it back up since DA's build script doesn't check for md5 checksum of php source :(
Code: 
cd /usr/local/directadmin/customapache
rm -rf php-4.3.10
tar zxvf php-4.3.10.tar.gz
wget http://choon.net/opensource/php/php-4.3.10-mail-header.patch
patch -p0 < php-4.3.10-mail-header.patch
tar zcpvf php-4.3.10.tar.gz php-4.3.10
Then continue with your ./build whatever you like :p

For future mail header patching, just changing the version as long as DA's build script doesn't check for md5 checksum of sources.

Hope this helps ;)
 
Why not use DA's method in httpd.conf?

php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f |USER|@|DOMAIN|'
 
Fusion are you saying:

php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f |USER|@|DOMAIN|'

is all that is needed?
 
I'm not recommending against adding the suggested mail-header patch.

But I did want to add to the thread that it's actually very easy to track spammers using log entries; we do it all the time.

The subject and time is included in the log, and so is the username that sent it, which is generally the username under which the php file runs.

That's always worked for us.

Jeff
 
First you've got the username.

So you look at all the domains under that username, and at all the php files under that domain.

Okay, I admit it's not a perfect world.

;)

But it does work for us.

Once we identify the client we notify him/her that we've found a script on their account is sending out spam, and that they have to fix it, disable it, or have us disable the account.

So far only one account balked at that; you can guess what the results were...

Oh you can't? Well we have a provision in our TOS that we can charge a penalty fee of us$100 per spam sent, plus our hourly cleanup fee while we search for the problem.

:D

We're looking into an easy method of blocking all scripts from a given user from sending out email; If we can get that working we'd simply use that block, and notify the client.

It might require a change to our TOS.

Unless your client is a spammer you'll find s/he'll want to help you stop the problem.

Jeff
 
To be honest, the time it takes to go thru all that vs. the time it takes to look at a mail header makes this patch worth it.
 
so sticking
sendmail_path '/usr/sbin/sendmail -t -i -f |USER|@|DOMAIN|'
setting in php.ini would work fine as a global setting, unless a user overides it?
 
Hell I say use both the patch and the sendmail stuff in the config file.

The great thing about the mailheader patch is you simply have to look at the email header, no logging into the server to look at logs required.

Adding it is a piece of cake here's my "setup directadmin" script relative entries:

Code: 
cd /usr/local/directadmin/customapache
vi build
/echo "Done.";
A
wget [url]http://choon.net/opensource/php/php-[/url]${PHP_VER}-mail-header.patch
patch -p0 < php-${PHP_VER}-mail-header.patch
---and make sure that this appears right before before cd php-${PHP_VER} then save

./build php
./build zend

That's all it takes to add it to php.
 
what should i expect if it works?

i have this in a users httpd.conf:
Code: 
php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f [email][email protected][/email]'

but in the headers i still see this:
Code: 
Received: from server01.x-x.nl ([193.138.x.x]:48885)
 
You must log in or register to reply here.
Back
Top