1

Coincidentally I notice that mails sent out by a PHP script include X-AntiAbuse and X-Source headers that include details about the server and script sending these e-mails. These are useful to track down abuse and locate the culprit. However, in one case I do not want these details to be sent out, because they show the directory of my script which I do not want to broadcast publicly. Sample:

X-Source-Dir: directory_of_my_script

The thing is, I am not sure what causes these headers to be added. Is it PHP? Or an Apache security tool? Can this be deactivated?

Some details about our environment: CentOS, WHM, using PEAR to send these mails, PHP 5.3, Suhosin.

Thanks

  • See: http://forums.cpanel.net/f43/disabling-x-php-script-x-souce-dir-headers-email-215012.html#post887432 this may be WHM specific. If you ever encounter `X-PHP-Script` it can be disabled in php.ini, but it is the first time I hear about `X-Source-Dir`. – dev-null-dweller Nov 24 '11 at 00:25

1 Answers1

0

I've just tested on my system and i'm not seeing any such headers. Chances are it's your smtp server/sendmail that is attaching these headers.

Ben Rowe
  • 28,406
  • 6
  • 55
  • 75