6 replies to this topic

[anilk510]

Hi,

I am trying to retrieve the php mail function variables. Say a php script has got a mail function as follows.

<?

mail("email@domain.com", "My Subject", "Line 1\nLine 2\nLine 3");

?>

This php script is being executed on a apache server. Is there any way to retrieve this email id from the mail function when its executed through apache? We need to find out to which all email accounts the php mail function is used to send mails.

[Alexander]

Hello,

I would need to know a lot more before I could answer. You cannot really modify the built-in mail() function, you can only disable it. If you have server level access, especially if the users are on a fastcgi PHP installation then it could be easily possible to determine which user has accessed the sendmail MTA. You could even view their sending scripts in that case directly to see where they are coding it to be sended. This leaves me to this question: Why do you need to know? Is there a better way?

You could as well give accounts to people through your own SMTP server hosted internally, or elsewhere instead of allowing anonymous access. Filtering/whitelisting is always an option as well.

Alexander.

[anilk510]

Thank you for your reply.

I can get the user which send the email easily, but getting the username under which the php script ran in suphp environment. But what I need is to collect the email accounts to which the particular mail function send the mail.

[Alexander]

anilk510 said:

Thank you for your reply.

I can get the user which send the email easily, but getting the username under which the php script ran in suphp environment. But what I need is to collect the email accounts to which the particular mail function send the mail.

I apologise for a delayed response.

You could always with suPHP set their default sendmail path to a script instead:

[COLOR=#000000][FONT=monospace]sendmail_path = /usr/local/bin/myrecordingsendmailscript[/FONT][/COLOR]

The script can call things such as :

#!/usr/bin/whereis php-cli
<?php

// sendmail binary that the process can access
$sendmail_bin = '/usr/sbin/sendmail';

// Record attempt
file_put_contents("log.txt", `whoami` . "has used the mail command" | FILE_APPEND);

// Extract email contents from standard input (command line pipe from PHP)
$fp = fopen('php://stdin', 'r');
while ($line = fgets($fp)) {
        $contents .= $line;
}

file_put_contents("log.txt", "Contents (including headers): \r\n" . $contents | FILE_APPEND);

// Pipe the email through the real sendmail application
$shellcommand = "echo " . escapeshellarg($contents) . " | $sendmail_bin -t -i";

// Along with all other parameters (i.e. -f defined my PHP)
for ($i = 1; $i < $_SERVER['argc']; $i++) {
        $shellcommand .= escapeshellarg($_SERVER['argv'][$i]).' ';
}




return shell_exec($command);


?>

I have not ran this code, and can not vouch for its stability - however given this difficult task, that is a perfectly valid solution.

Alexander.

[anilk510]

Thank you Alexander. But your script is not working as expected. I am using the below method. Can you please use this and add the logging of To:, filed, CC:, Bcc field etc and if optional parameters used with mail() function, log that also?

Inside php.ini

sendmail_path = /usr/local/bin/sendmail-logger

auto_prepend_file = /usr/local/bin/php_set_envs.php

File contents

# cat /usr/local/bin/sendmail-logger

logger -p mail.info sendmail-logger: site=${HTTP_HOST}, client=${REMOTE_ADDR}, script=${SCRIPT_NAME}, pwd=${PWD}, uid=${UID}, user=$(whoami), referrer=${HTTP_REFERER}, request-method=${REQUEST_METHOD}

/usr/sbin/sendmail -t -i $*

# cat /usr/local/bin/php_set_envs.php

<?

putenv("HTTP_HOST=".@$_SERVER["HTTP_HOST"]);

putenv("SCRIPT_NAME=".@$_SERVER["SCRIPT_NAME"]);

putenv("SCRIPT_FILENAME=".@$_SERVER["SCRIPT_FILENAME"]);

putenv("DOCUMENT_ROOT=".@$_SERVER["DOCUMENT_ROOT"]);

putenv("REMOTE_ADDR=".@$_SERVER["REMOTE_ADDR"]);

putenv("HTTP_REFERER=".@$_SERVER["HTTP_REFERER"]);

putenv("REQUEST_METHOD=".@$_SERVER["REQUEST_METHOD"]);

putenv("REQUEST_URI=".@$_SERVER["REQUEST_URI"]);

?>

sample Log entry in /var/log/maillog

Dec 12 06:17:11 server logger: sendmail-logger: site=xx.xx.xx.xx, client=yy.yy.yy.yy, script=/mailcc.php, pwd=/usr/local/apache/htdocs, uid=99, user=nobody, referrer=, request-method=GET

[anilk510]

To add to the previous update, I used the following php mail script. You can see Subject, From: , To: , CC: fields. I need to log each these variables.

<?php

$to = "mytest@gmail.com";

$subject = "My subject";

$txt = "Hello world!";

$headers = "From: mytest@yahoo.com" . "\r\n" .

"CC: yourtest@gmail.com";


mail($to,$subject,$txt,$headers);

?>

[Alexander]

You cannot log what mail() sees, you can only log what the user is sending to sendmail (or its logging script)

Think, your logger script accepts variables that are already known ($_...), you are supposed to read from standard input and those will display the mail (not HTTP) headers that contain the To: From: and body.

You can test this and read from php://stdin (php's wrapper for standard input) as I have done, or from BASH's stdin to dump their request to sendmail. You may then send the data as it would normally to the sendmail binary, so that it can be sent while being logged.

I am very rusty with BASH however.

Alexander.