[BlueOnyx:10253] Re: Trojans and backdoors? - Suggested BlueOnyx improvement
Michael Stauber
mstauber at blueonyx.it
Fri Apr 20 09:27:43 -05 2012
Hi Maurice,
> However, I'm wondering what this will do in my non default setup. Hope you
> can explain.
>
> I already have php_admin_value sendmail_path set for each vsite's apache
> config in each sitexx.include file. This probably will conflict with the
> new settings I guess?
Yes and no. I just tested it:
In siteX I have the new ...
php_admin_value sendmail_path /usr/sausalito/sbin/phpsendmail
... and I manually added ...
php_admin_value sendmail_path "/usr/sbin/sendmail -t -i"
... to siteX.include. After a restart of Apache I used a script to send an
email and watched /var/log/maillog.
The PHP related email activity was still logged via
/usr/sausalito/sbin/phpsendmail, so I can say that a "php_admin_value
sendmail_path" setting in a siteX.include file will now be ignored and the one
in the siteX file takes precendence.
> The reason I change the sendmail_path [...]
> In short:
> phpscripts (non suPHP) run as apache, therefor the smtp 'evenloppe from'
> from mails send by php scripts is set to apache at ...
Yeah, at the moment the wrapper just calls it with ...
/usr/sbin/sendmail -t -i $*
... so there is no "-f" specified. But that is done for a reason, because do
we really need to hard wire a sender address? I say: NO! And see below why.
In fact the "missing" or "wrong" sender address is due to wrong usage of the
mail() command.
The PHP mail() command lets you easily specify a certain email address as
sender address. But if none is given, it will use the owner of the script as
sender address. So if Apache owns the file, the sender address will be
"apache". Sendmail will then append the domain name by itself.
Yes, this can be overridden by passing "-f sender-address" to Sendmail in the
php.ini or via "php_admin_value sendmail_path". But that's actually changing
the server config to compensate for a programming error.
So let us not go there!
All you really need is this:
http://email.about.com/od/emailprogrammingtips/qt/How_to_Send_Emails_with_Extra_Headers_in_PHP.htm
<?php
$to = "recipient at example.com";
$subject = "Hi!";
$body = "Hi,\n\nHow are you?";
$headers = "From: sender at example.com\r\n" .
"X-Mailer: php";
if (mail($to, $subject, $body, $headers)) {
echo("<p>Message sent!</p>");
} else {
echo("<p>Message delivery failed...</p>");
}
?>
--
With best regards
Michael Stauber
More information about the Blueonyx
mailing list