Ilia Alshanetsky wrote:
On 13-Dec-06, at 5:12 PM, Stut wrote:
Ilia Alshanetsky wrote:
Is there any interest in adding support for logging of mail() calls
and/or adding options that allow identification of who sent the e-mail.
I've wrote a quick patch that enables this functionality via two ini
settings controllable via php.ini or per-virtual host.
The first option, mail.add_x_header (boolean) allows you to enable
the addition of the X-PHP-Originating-Script header to each mail sent
by mail(), which will include the uid of the script and its name. The
combination of the two should be sufficient to identify the user to
whom the script belongs and via a simple find command locate the
actual script. This option is intended primarily for instances where
you have a bounced e-mail or a forwarded mail with a spam complaint,
allowing you to quickly identify the offender.
The second option, mail.log (takes a filename) allows you to enable
logging of every single mail() call, each log line will include the
fullpath of the file and the line where the mail() was called from in
addition to the "To" address and any headers (to keep track of CC,
BCC) that were part of the function call. To ensure that each log
line is 1 line long, \r and \n are replaced with spaces.
The patch that makes this possible can be found here:
http://ilia.ws/uploads/patches/mail_log.txt.gz
Yes, yes, yes, a thousand times yes. I'm assuming the filename is the
full path and filename? Couldn't that be considered a security risk?
Only in the log file, for the header only the filename is included, so
there is no security risk here.
IMHO it would be better to have an option that would provide the
domain name and the filename relative to the site root (if available).
Also, I'm assuming this is configurable via php_flag in an Apache
configuration file?
It can be controlled via httpd.conf but not via .htaccess.
Excellent.
I'm thinking about this from an ISP point of view... we get a lot of
abuse reports because people have poorly written form handlers. It would
be great if we could have PHP insert the full URL, domain name included,
in the mail headers for anything it sends. Would that be possible?
I know that would only affect emails sent using the mail function, but
it would be a massive improvement from where we are today.
-Stut
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php