Article 11250 at 07/11/27 18:13:08 From: nmyftiu (at mark) yahoo.com Subject: [coba-e:11250] Re: AW: Re: Tracing emails being sent with apache

Index: [Article Count Order] [Thread]
Date:  Tue, 27 Nov 2007 01:12:29 -0800 (PST)
From:  Neritan Myftiu <nmyftiu (at mark) yahoo.com>
Subject:  [coba-e:11250] Re: AW:  Re: Tracing emails being sent with apache
To:  coba-e (at mark) bluequartz.org
Message-Id:  <325752.18740.qm (at mark) web90605.mail.mud.yahoo.com>
X-Mail-Count: 11250

Hi,



Another setting you'd like to disable in php.ini (either globally or
per-site basis) is allow_url_fopen -- it's used quite often to generate
bulk mail by pulling addresses and messages from external hosts.



Hope this helps,

Neritan

----- Original Message ----
From: Michael Stauber <bq (at mark) solarspeed.net>
To: coba-e (at mark) bluequartz.org
Sent: Tuesday, November 27, 2007 7:35:29 AM
Subject: [coba-e:11249] Re: AW:  Re: Tracing emails being sent with apache


Hi Rashid,

> So far, I had already tried Gerald's and your
> technique before sending out the SOS.  So I am
> still stuck.  I can't seem to find something that
> is showing a large amount of repetition in the logs.
>
> If anyone has any other ideas, I am definitely in
> need of one.  I normally find these things but this time I am stuck.

OK, this is somewhat drastic, but it might help.

In php.ini set:

disable_functions = mail

This will disable the mail() function in PHP entirely - for all PHP
 scripts. 
It has to be set in php.ini and cannot be set anywhere else. 

Now if someone tries to use the mail() function in PHP the script will
 error 
out and this error(s) will also be logged in the Apache error logfile.
 That 
allows you to easily find which scripts make use of the mail() function
 and 
how often that happens.

It is not entirely foolproof as there are tons of ways to send emails
 with 
PHP. The mail() function is the most commonly used way, as it offers
 the 
least hassles. You can also send mail over system calls or sockets, or 
external PHP classes which use different methods than the mail()
 function 
itself. 

But nonetheless it's a start and for troubleshooting purposes I'd
 suggest to 
try this first. If it doesn't work out right away, you could deny
 additional 
PHP functions as well, like this:

disable_functions = mail,system,sockets

However, please note that dissalowing system() and sockets() will most
 likely 
break a lot of unrelated scripts. So if you do that, be prepared for a
 lot of 
collateral damage.

-- 
With best regards,

Michael Stauber






      ____________________________________________________________________________________
Get easy, one-click access to your favorites. 
Make Yahoo! your homepage.
http://www.yahoo.com/r/hs