Beau's PHP 5 mail() logging Solution for Windows Server 2003

When I set out to stop spammers from exploiting poorly written scripts scattered across various web sites hosted on a Windows server, I had no idea that I was in for such a long journey. I will try to lay out the steps I took in order to solve the problem, which I am happy to report is working well.

The Problem:
PHP as of 5.2.1 provides no way of tracking which script, or even which web site is the source of an email being delivered using PHP's mail() function. Because so many web applications use it, I didn't want to disable it. Furthermore, the idea of combing through all of the code on multiple sites was not intriguing. Furthermore, I can't change someone else's code and I don't want to start isolating customers by turning their scripts off.

The Platform:
Using a Windows 2003 Server and PHP 5.1.2, I thought this would be quick. Basically, the fix isn't that difficult, but finding the solution led me to many options for Linux / Apache, but few for Windows.

The Details:
I first discovered the option of patching mail.c, thanks to Ilia Alshanetsky's blog at http://ilia.ws/archives/149-mail-logging-for-PHP.html.

I wanted to provide similar functionality for Windows, but did not want to recompile PHP in a Windows environment. The patch added code so that every script sent from the server adds x-header information, such as the script and site sending it, as well as logging what goes out.

The Solution: (PHP Sendmail Wrapper Script + Fake Sendmail + php.ini)
I found a few other alternatives until finally deciding on a unique combination of tools to get the job done. First off, if you are not going to change users code, or patch and recompile the PHP source, you have to have some method of capturing the email leaving the web site, but before it gets to the mail server. In comes Sendmail Wrapper from Greg Maclellan (www.gregmaclellan.com)and Fake Sendmail from Byron Jones (http://glob.com.au/sendmail/.)

The Sendmail Wrapper PHP script is a great little script that will accept mail just as if it were sendmail and then deliver it to the real sendmail (or fake sendmail in my case). The clever part here is that you can specify this script as the default mail server in your PHP.INI file. For Windows, just disable the smtp port, host, etc.. and put c:usrlibsendmail_wrapper.php  as your  path to sendmail. (Yes, specifying the sendmail path will work on Windows).

Setting up Sendmail for Windows was fairly straight forward. The executable sits in c:usrlibsendmail and includes an ini file that lets you forward mail to your real SMTP server and specify a few other options, including a folder to log the messages. Sendmail simply captures the email piped to it from a script.

Putting the two together was fairly easy. I modified the sendmail wrapper script to use the path to sendmail and made sure fake sendmail was up and running. I also decided since I could let fake sendmail do authentication against an SMTP server to put an actual mail account on my mail server specifically for handling the mail processed via php and I added some limitations, one being a quota no more than 500 messages per day.

The final piece of the puzzle was getting PHP to add some extra headers beyond what the Sendmail Wrapper script was providing so I would really have some robust information. I decided to use Environment Variables and PHP's append directive in php.ini to set some variables up on each page. This idea is credited to Harold Paulson who posted on Greg Maclellan's blog. I made a page called prepend.php and put in in my php append path (or prepend, you choose). I added the following information to mine, although you could really capture anything you wanted to add to the message header).

<?
putenv("REMOTE_ADDR=" . $_SERVER['REMOTE_ADDR']);
putenv("SCRIPT_NAME=" . $_SERVER['SCRIPT_NAME']);
putenv("SERVER_NAME=" . $_SERVER['SERVER_NAME']);
?>

Next, I made a modification to the sendmail_wrapper script to include this information in the headers of the mail.

// additional headers
$add_headers["X-MsgID"] = $messageid;
$add_headers["X-SenderIP"] = $_ENV["REMOTE_ADDR"];
$add_headers["X-WebSite"] = $_ENV["SERVER_NAME"];
$add_headers["X-Script"] = $_ENV["SCRIPT_NAME"];

I replaced the existing line (below) in the script with the above.

if (preg_match("|C:/Program Files/Plexus/Sites/([a-zA-Z0-9._-]*)(/.*)?|", $_ENV["PWD"], $matches)) {
    $add_headers["X-Generating-Domain"] = $matches[1];
}


A few tips on making this work:
Be certain you have assigned permissions for the user that PHP is running as to have access to execute this script. Also, I believe in PHP 5 you still need to make sure cmd.exe has execute permissions to call the script. Finally, you must execute it using php.exe the CLI (Command Line Interface), not php-cgi.exe or the script will have trouble reading the STDIN input. If you ran the PHP binary installer when you originally installed PHP, head over to http://snaps.php.net/ and download the zip file, which will contain php.exe. Better yet, it might be a good day to upgrade anyway. Don't forget to restart IIS after you make the changes to php.ini.


Read and post comments | Send to a friend

Comments

Post a Comment

Popular posts from this blog

Apple TV - Recover from nothing Take 2

Ok, so I have updated this for Take 2 and Leopard. This is more of a rought draft, but it worked well for me. Please comment if I have missed any steps since I am writing this after the fact. One big change from the original article us you can let Disk Utility do some of the work for you now. Also, I just skipped the restore partition to keep it simple since that was the source of many problems. Connect your Apple TV drive in Leopard. Remember disk1 may not be the name of your drive. From the terminal: Wipe out and re-create the partition structure sudo diskutil unmountDisk /dev/disk1 sudo gpt destroy /dev/disk1 sudo gpt create /dev/disk1 Create the OSBoot Partition sudo gpt add -b 888872 -i 3 -s 1843200 -t hfs /dev/disk1 diskutil unmountDisk /dev/disk1 sudo diskutil eraseVolume "Journaled HFS+" OSBoot /dev/disk1s3 diskutil unmountDisk /dev/disk1 Create the Media Partition Go to Disk Utility and format the Media partition - Name i
Read more

Convert a LiveCycle Form back to an Acrobat Form

Image
PDF Forms that were saved with Adobe LiveCycle cannot be programatically filled and flattened using most API's, like ActivePDF. However, you can convert your LiveCycle PDF form back into a static PDF. 1. Open the form in LiveCycle and save it as Adobe Static PDF form. (Example using Acrobat X Pro) 2. Download PDFTK  http://www.pdflabs.com/tools/pdftk-the-pdf-toolkit/ 3. Remove extra XML data with the following command line. I copied the creditApplication.pdf file to the same folder. "pdftk creditApplication.pdf output test.pdf drop_xfa" 4. Now you can open the form in Acrobat and rename the forms fields. By default, the conversion might append form[0] stuff to the field names, so I rename them. 5. Save the new PDF using "Save As". Choose "Adobe PDF Files, Optimized (*.pdf)" and in the optimizer window, make it compatible with Acrobat 4.0 and later. 6. You now have a form fillable PDF that you can use programatically and will flatten properly. [gallery
Read more

Converting a MySQL database to SQLite on a Mac

Image
I recently decided to migrate an e-commerce shopping cart system I have been developing for a long time from MySQL to SQLite. I went back and forth over this idea, but I decided it made sense to have an e-commerce shopping cart that the user can install by literally dropping the folder into the site. In order to make the transition as easy as possible, I decided to try to convert the database rather than re-create the many tables and fields needed to make it all work. During my research I found some paid products and a bunch of scripts scattered around, many in Perl. I was looking for something simple that I could try out with minimal effort. I found a script posted at http://www.jbip.net/content/how-convert-mysql-sqlite that worked like a charm for me. I use a Macbook Pro running Snow Leopard. I develop using a local MySQL database and Apache using  MAMP . In order to get started, you need to do a MySQL dump of your database (in t
Read more