Hi,
Please find attached a small patch to the PHP mail() function. It adds
two options to php.ini:
- mail_add_cgi_headers: add SERVER_NAME, SCRIPT_NAME and REMOTE_ADDR to
the mail headers before piping it to sendmail with the X-CGI-VAR
prefix), - mail_custom_headers: specify additionnal, site-wide headers (i.e.:
"X-Abuse-To: abuse@site.net").
If you include this contribution to the official PHP source tree, please
mention this email address and my company name: Online.net.
Regards.
--
Olivier Beyssac - obeyssac@proxad.net
in conjunction with this patch, i find that in ext/standard/mail.c,
php_mail function doesn't check whether user supplies To in headers.
so, if user uses To in first parameter and another identical To in
headers, this leads into double email sending. is this the expected
behaviour or some workaround needed on this?
regards,
Please find attached a small patch to the PHP
mail()function.
I'm sorry but I would like to know if I did something wrong with
this patch submission? Please let me know if I submitted it to a
wrong address or in a wrong format.
--
Olivier Beyssac - obeyssac@proxad.net
----- Original Message -----
From: "Olivier Beyssac" obeyssac@proxad.net
To: internals@lists.php.net
Sent: Friday, January 07, 2005 4:57 AM
Subject: Re: [PHP-DEV] Patch to PHP mail() function
Please find attached a small patch to the PHP
mail()function.I'm sorry but I would like to know if I did something wrong with
this patch submission? Please let me know if I submitted it to a
wrong address or in a wrong format.
while i can't speak for why noone has replied to your mail, please search
the list archives for the discussion of my equivalent patch submission a few
months back. in short, it was rejected and while i might disagree with that
(the arguments against were wrong and a derivative patch is now being used
in production on a lot of shared servers running cpanel), there appears to
be no chance of having something like this get accepted.
-p
Paul G wrote:
while i can't speak for why noone has replied to your mail, please
search the list archives for the discussion of my equivalent patch
submission a few months back. in short, it was rejected and while i might
disagree with that (the arguments against were wrong and a derivative
patch is now being used in production on a lot of shared servers running
cpanel), there appears to be no chance of having something like this
get accepted.
OK, I found your thread here:
http://marc.theaimsgroup.com/?t=108592532700002&r=1&w=2
Well, I have the same needs as you: we have a lot of VHosts, a lot of
untrusted users, a lot of untrusted PHP scripts and our abuse team wants
to be able to identify any script that generated unsollicited emails. We
have ways to control network sockets usage too. And as far as I know, all
my friends who are working for other hosting companies have similar
restrictions. My patch only adds header if php.ini directives tell him
to do so and doesn't change any default behaviour or POLA.
Only my 10 cents... I don't want to start any flame-war but I wanted
to say that adding those headers is a really useful feature for us too.
--
Olivier Beyssac - obeyssac@proxad.net