folks,
first post/patch, please be gentle <g>.
hosting companies using mod_php have a *very* hard time preventing and
tracking abuse of mail(). when sendmail is invoked from a suexeced cgi
script, we get the username. with mod_php mail(), we get a big fat nothing,
a ton of spam in the spool and a bunch of abuse reports from ticked off
victims. we then go on a grepping witchhunt, which is hardly a workable
option on a busy production box.
the patch i am including below apends an X-AntiAbusePHP:
/path/to/script/which/is/spewing header to all messages sent through mail().
while we will be actively parsing that header in our sendmail replacement
script, leaving the username only and throttling/limiting based on per-user
sending threshholds, those who do not go that far to be good netizens will
at least be able to identify the source of spewage post mortem.
we already have iptables ACLs in place to prevent unauthorized connections
to remotehost:25, but most people can not implement that, so the socket
calls may be my next mutilation target. with that said, it would be much
more intrusive (hence likely unsuitable for addition into the core) and i
thought it would be more prudent to test the waters with a trivial patch,
since i am likely to have done something wrong/contrary to the php way of
doing things.
i would think this {sh,c}ould be ifdefined, but being unfamiliar with the
status quo policy on that and considering that the patch has a fair chance
of being unwelcome, i did not pursue it.
cheers,
paul
diff -ru php-4.3.6/ext/standard/mail.c php-4.3.6.abuse1/ext/standard/mail.c
--- php-4.3.6/ext/standard/mail.c 2004-01-08 20:35:58.000000000 -0500
+++ php-4.3.6.abuse1/ext/standard/mail.c 2004-05-30
08:27:55.000000000 -0400
@@ -87,6 +87,8 @@
int to_len, message_len, headers_len;
int subject_len, extra_cmd_len, i;
char *to_r, *subject_r;
+ char *exec_file=NULL;
+ int abuseh_len=0, got_headers=0;
if (PG(safe_mode) && (ZEND_NUM_ARGS() == 5)) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "SAFE MODE
Restriction in effect. The fifth parameter is disabled in SAFE MODE.");
@@ -103,6 +105,18 @@
return;
}
+ got_headers = headers ? 1 : 0;
+ exec_file= zend_get_executed_filename(TSRMLS_C);
+ /* add 2 [strlen("\r\n")] _if_ we are appending to preexisting
headers */
+ abuseh_len = (got_headers*2) + strlen(ABUSE_HEADER_TAG) +
strlen(ABUSE_HEADER_SRC) + strlen(exec_file);
+ headers = got_headers ? erealloc(headers, headers_len + abuseh_len +
1) : emalloc(abuseh_len + 1);
+ if(got_headers) strcat(headers, "\r\n");
+ strcat(headers, ABUSE_HEADER_TAG);
+ strcat(headers, ABUSE_HEADER_SRC);
+ strcat(headers, exec_file);
+ headers_len += abuseh_len;
+
+
if (to_len > 0) {
to_r = estrndup(to, to_len);
for (; to_len; to_len--) {
diff -ru php-4.3.6/ext/standard/php_mail.h
php-4.3.6.abuse1/ext/standard/php_mail.h
--- php-4.3.6/ext/standard/php_mail.h 2002-12-31 11:35:33.000000000 -0500
+++ php-4.3.6.abuse1/ext/standard/php_mail.h 2004-05-30
08:26:59.000000000 -0400
@@ -24,6 +24,9 @@
PHP_FUNCTION(mail);
PHP_MINFO_FUNCTION(mail);
+#define ABUSE_HEADER_TAG "X-AntiAbusePHP: Added to track PHP abuse,
please include with any abuse report\r\n"
+#define ABUSE_HEADER_SRC "X-AntiAbusePHP: This message was sent
through "
+
#if HAVE_SENDMAIL
PHP_FUNCTION(ezmlm_hash);
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
