Newsgroups: php.internals
To: internals@lists.php.net
Date: Mon, 18 Feb 2008 12:06:32 +0100
Subject: PHP mail() header patch for SafeMode
From: paul@vanbrouwershaven.com (Paul van Brouwershaven)

Hi All,

I'm working for a hosting company, we have a lot of PHP users and regularly see that one of the scripts from our users is hacked. The result? A lot of spam on the net, and a lot of work to find the spamming scripts on the servers.

If you have a PHP script that sends mail, the recipient of the mail message will only see which server it was sent from. There will normally be no record of who originated the message, or which script on the server actually caused it to be sent. This can make it difficult to trace misuse, even if you have comprehensive mail and webserver logs.

I think it should be useful to add the "PHP mail() header patch" from Steve Bennett in safemode by default.

The header could be in the form:

X-PHP-Script: for

For example:

X-PHP-Script: www.example.com/~user/testapp/send-mail.php for 10.0.0.1

The patch can be found at:
http://www.lancs.ac.uk/~steveb/patches/php-mail-header-patch/

Best Regards,

Paul van Brouwershaven
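
An added example, not part of the original message or of the patch it refers to: a triage script that reads the X-PHP-Script header out of captured messages and counts mail per originating script, which is the tracing job the message describes. It assumes the header layout shown in the message's example line (script location, the word "for", then the client address); the sample messages, function names and addresses are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from email import message_from_string

# Layout assumed from the example line in the message:
#   X-PHP-Script: www.example.com/~user/testapp/send-mail.php for 10.0.0.1
HEADER_RE = re.compile(r"^(?P<script>\S+)\s+for\s+(?P<client>\S+)$")

# Constructed sample messages (placeholders, not real mail).
SAMPLE_MESSAGES = [
    "X-PHP-Script: www.example.com/~user/testapp/send-mail.php for 10.0.0.1\n"
    "Subject: offer\n\nbody\n",
    "X-PHP-Script: www.example.com/~user/testapp/send-mail.php for 10.0.0.7\n"
    "Subject: offer\n\nbody\n",
    "X-PHP-Script: www.example.com/~user/testapp/send-mail.php for 10.0.0.1\n"
    "Subject: offer\n\nbody\n",
    # Folded header: the value continues on an indented second line.
    "X-PHP-Script: www.example.com/~other/contact.php\n for 10.0.0.2\n"
    "Subject: hello\n\nbody\n",
    # Message sent without the header (for example from an unpatched host).
    "Subject: no trace\n\nbody\n",
]


def parse_x_php_script(raw_message):
    """Return (script, client) from a raw message, or None if absent or malformed."""
    value = message_from_string(raw_message).get("X-PHP-Script")
    if value is None:
        return None
    # Unfold continuation lines and collapse whitespace before matching.
    match = HEADER_RE.match(" ".join(value.split()))
    return (match["script"], match["client"]) if match else None


def tally_by_script(raw_messages):
    """Count messages per script, collect client addresses, count untagged mail."""
    counts, clients, untagged = Counter(), defaultdict(set), 0
    for raw in raw_messages:
        parsed = parse_x_php_script(raw)
        if parsed is None:
            untagged += 1
            continue
        script, client = parsed
        counts[script] += 1
        clients[script].add(client)
    return counts, clients, untagged


if __name__ == "__main__":
    counts, clients, untagged = tally_by_script(SAMPLE_MESSAGES)
    for script, n in counts.most_common():
        print(n, script, sorted(clients[script]))
    print("messages without X-PHP-Script:", untagged)
```
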