0

This question relates to the question found here:

Find the php script thats sending mails

Trying to do the exact same thing but can't get the log to output what I need. Not too experienced with serverfault and ideally I'd post my followup on the original question, or PM adam to see if he ever found a solution, but looks as though server fault doesn't work that way. I can post an "answer" but that's definitely not what this is.

I have a script located at /usr/local/bin/sendmail-php-logged, with the following:

#!/bin/sh
logger -p mail.info sendmail-php: site=${HTTP_HOST}, client=${REMOTE_ADDR}, script=${SCRIPT_NAME}, filename=${SCRIPT_FILENAME}, docroot=${DOCUMENT_ROOT}, pwd=${PWD}, uid=${UID}, user=$(whoami)

/usr/sbin/sendmail -t -i $*

This is logging to /var/log/maillog, but as Adam mentions in his question, none of the server variables work. Output I'm getting is:

Oct  4 12:16:21 fluke logger: sendmail-php: site=, client=, script=, filename=, docroot=, pwd=/var/www/html/aro_chroot/sites/arocms, uid=48, user=apache
Oct  4 12:16:21 fluke logger: sendmail-php: site=, client=, script=, filename=, docroot=, pwd=/var/www/html/aro_chroot/sites/arocms, uid=48, user=apache
Oct  4 12:17:03 fluke logger: sendmail-php: site=, client=, script=, filename=, docroot=, pwd=/var/www/html/aro_chroot/sites/arocms, uid=48, user=apache
Oct  4 12:17:05 fluke logger: sendmail-php: site=, client=, script=, filename=, docroot=, pwd=/root, uid=0, user=root
Oct  4 12:17:11 fluke logger: sendmail-php: site=, client=, script=, filename=, docroot=, pwd=/var/www/html/aro_chroot/sites/arocms, uid=48, user=apache
Oct  4 12:17:14 fluke logger: sendmail-php: site=, client=, script=, filename=, docroot=, pwd=/root, uid=0, user=root
Oct  4 12:17:29 fluke logger: sendmail-php: site=, client=, script=, filename=, docroot=, pwd=/root, uid=0, user=root
Oct  4 12:17:41 fluke logger: sendmail-php: site=, client=, script=, filename=, docroot=, pwd=/root, uid=0, user=root

User ID, current user, and pwd are all working, probably because they're globally accessible script resources, and not specific to PHP, like all the others are. I've tried using other server variables as per labradort's instructions, but no joy.

Here's some sample tests:

logger -p mail.info sendmail-php SCRIPT_NAME: ${SCRIPT_NAME}
logger -p mail.info sendmail-php SCRIPT_FILENAME: ${SCRIPT_FILENAME}
logger -p mail.info sendmail-php PATH_INFO: ${PATH_INFO}
logger -p mail.info sendmail-php PHP_SELF: ${PHP_SELF}
logger -p mail.info sendmail-php DOCUMENT_ROOT: ${DOCUMENT_ROOT}
logger -p mail.info sendmail-php REMOTE_ADDR: ${REMOTE_ADDR}

logger -p mail.info sendmail-php SCRIPT_NAME: $SCRIPT_NAME
logger -p mail.info sendmail-php SCRIPT_FILENAME: $SCRIPT_FILENAME
logger -p mail.info sendmail-php PATH_INFO: $PATH_INFO
logger -p mail.info sendmail-php PHP_SELF: $PHP_SELF
logger -p mail.info sendmail-php DOCUMENT_ROOT: $DOCUMENT_ROOT
logger -p mail.info sendmail-php REMOTE_ADDR: $REMOTE_ADDR

And the output:

Oct  4 12:58:02 fluke logger: sendmail-php SCRIPT_NAME:
Oct  4 12:58:02 fluke logger: sendmail-php SCRIPT_FILENAME:
Oct  4 12:58:02 fluke logger: sendmail-php PATH_INFO:
Oct  4 12:58:02 fluke logger: sendmail-php PHP_SELF:
Oct  4 12:58:02 fluke logger: sendmail-php DOCUMENT_ROOT:
Oct  4 12:58:02 fluke logger: sendmail-php REMOTE_ADDR:

Oct  4 12:58:02 fluke logger: sendmail-php SCRIPT_NAME:
Oct  4 12:58:02 fluke logger: sendmail-php SCRIPT_FILENAME:
Oct  4 12:58:02 fluke logger: sendmail-php PATH_INFO:
Oct  4 12:58:02 fluke logger: sendmail-php PHP_SELF:
Oct  4 12:58:02 fluke logger: sendmail-php DOCUMENT_ROOT:
Oct  4 12:58:02 fluke logger: sendmail-php REMOTE_ADDR:

I'm running php 5.3.10. Unfortunately register_globals is on, for compatibility with legacy systems, but you wouldn't think that would cause the environment variables to stop working.

If someone can give me some hints as to why this might not be working I'll be a very happy man :)

Community
  • 1
Tom McQuarrie
  • 193
  • 7

2 Answers2

0

Perhaps I am missing something, but I don't see anything in the PHP docs that say environment will be created. Why don't you just set your logger statement to something like logger -p mail.info thelog $* which would give you the options that are being passed to sendmail? Or maybe just enabled the mail.log

Zoredache
  • 130,897
  • 41
  • 276
  • 420
  • You might be right about the environment variables. I figured if people were upvoting that response as the solution then it should work. The standard mail log is working fine, but doesn't give me details of the calling php script, which is the primary reason for the log. I know I could do this in other ways by editing the calling php to define environment variables before sending, but the reason for doing this logging is to catch exploited php scripts, and a hacker's not likely to bundle up handy environment variables for us, so it really needs to be caught at the system level. – Tom McQuarrie Oct 04 '12 at 03:54
  • Yep environment variables are not set up by default. To get it to work, firstly, I set up a php file with nothing but the following: foreach ( $_SERVER as $k=>$v ) putenv("$k=$v"); As per this post: http://stackoverflow.com/questions/9211452/how-can-i-access-environment-variables-within-a-shell-script-called-by-php I then set it up in php.ini to be prepended to every php request, as per this post: http://stackoverflow.com/questions/7625425/how-to-include-a-php-script-in-all-http-requests-coming-to-the-server. – Tom McQuarrie Oct 04 '12 at 07:58
-1

If you have PHP 5.3 and above, open your php.ini and find the following line

mail.log =

Write the full path to the file you want to make a log and give it chmod 664 access. so that you can read and write to it but no execution since its just a log file

Dr Manhattan
  • 201
  • 1
  • 2
  • 5
  • 2
    Why on earth would you set an execute-bit on a logfile? – Teun Vink Jan 04 '15 at 11:25
  • 1
    Making a file writable to all users sounds like a terrible idea. If the data is so unimportant that you don't mind every single user being able to overwrite it, why would you be storing that data in the first place? – kasperd Jan 04 '15 at 11:31
  • Changed, now whoever marked it down please revert – Dr Manhattan Jan 04 '15 at 17:52