[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Solution for securing PHP mail()


This is the solution I've set up in order to secure PHP mail() function on a webhosting server. The problem is that mails sent with PHP doesn't include
any information about the sender. The username is www-data and in case
of spam the administrator must use apache logs to find the website responsible
for the spam.

This solution doesn't require any modification in PHP neither exim source code.

For each vhost in apache configuration you need to add the following line: php_admin_value sendmail_path "/usr/bin/sendmail-secure www.vhost.com"

then use a custom sendmail-secure script. Following script is an example in
python :


import sys
from popen2 import popen2

data = ""
l = sys.stdin.readline()
header = 1
while l:
    if l == "\n" and header == 1:
       data += "X-Complaints-To: abuse@planet-work.net\n"
data += "X-Abuse-Info: Please be sure to forward a copy of ALL headers\n" data += "X-Abuse-Info: Otherwise we will be unable to process your complaint properly.\n"
       data += "X-Domain: %s\n\n" % sys.argv[1]
       header = 0
       data += l
    l = sys.stdin.readline()

(out, s) = popen2('/usr/sbin/sendmail -t -i')

In addition, you should add an output filter to exim for discarding pishing mails
for paypal or ebay.

In /etc/exim4/exim.conf add the following line :
  system_filter = /etc/exim4/exim.filter

/etc/exim4/exim.filter contains :
# Exim filter

logfile /var/log/exim_mainlog

if $received_protocol is "local" and
        ($header_from contains "@ebay.com" or
         $header_from contains "@paypal.com")
logwrite "$tod_log $message_id => Outgoing mail with reply address $header_from caught. Email sent to black hole."
        seen finish



Reply to: