How to log all PHP based E-mails for abuse

Step #1 - Create Wrapper Script

vi /usr/local/bin/phpsendmail

#!/usr/bin/php
<?php

//changed by realtechtalk.com to make the log readable
/**
  This script is a sendmail wrapper for php to log calls of the php mail() function.
  Author: Till Brehm, www.ispconfig.org
  (Hopefully) secured by David Goodwin <david @ _palepurple_.co.uk>
*/

$sendmail_bin = '/usr/sbin/sendmail';
$logfile = '/tmp/mail_php.log';

//* Get the email content
$logline = '';
$pointer = fopen('php://stdin', 'r');

while ($line = fgets($pointer)) {
        if(preg_match('/^to:/i', $line) || preg_match('/^from:/i', $line)) {
                $logline .= trim($line).' ';
        }
        $mail .= $line;
}

//* compose the sendmail command
$command = 'echo ' . escapeshellarg($mail) . ' | '.$sendmail_bin.' -t -i';
for ($i = 1; $i < $_SERVER['argc']; $i++) {
        $command .= escapeshellarg($_SERVER['argv'][$i]).' ';
}



//* Write the log
//file_put_contents($logfile, date('Y-m-d H:i:s') . ' ' . $_ENV['PWD'] . ' ' . $logline, FILE_APPEND);

//changed by realtechtalk.com to make the log readable
file_put_contents($logfile, date('Y-m-d H:i:s') . ' ' . $_ENV['PWD'] . ' ' . $logline . PHP_EOL, FILE_APPEND);
//* Execute the command
return shell_exec($command);
?>

Make it executable:

chmod +x /usr/local/bin/phpsendmail

Create Log File (on Centos the log does not get created or written to unless you do it manually)

touch /tmp/mail_php.log; chmod 777 /tmp/mail_php.log;chown apache.apache /tmp/mail_php.log

Step 2 - Backup & Modify php.ini

cp /etc/php.ini /etc/php.ini-bk

(Your php.ini may be in a different location depending on your OS/control panel).

Edit  /etc/php.ini

Find the part that starts with "sendmail" and make it like my example below:

sendmail_path = /usr/local/bin/phpsendmail

; For Win32 only.
;sendmail_from = me@example.com

; For Unix only.  You may supply arguments as well (default: "sendmail -t -i").
;sendmail_path = /usr/sbin/sendmail -t -i
sendmail_path = /usr/local/bin/phpsendmail

Restart httpd:

service httpd restart

After this you should find entries in /tmp/mail_php.log
 


Tags:

php, mails, abusestep, wrapper, vi, usr, bin, phpsendmail, realtechtalk, readable, sendmail, author, brehm, www, ispconfig, org, secured, goodwin, _palepurple_, uk, sendmail_bin, sbin, logfile, tmp, mail_php, email, content, logline, pointer, fopen, stdin, fgets, preg_match, trim, compose, echo, escapeshellarg, _server, argc, argv, file_put_contents, _env, pwd, file_append, php_eol, execute, shell_exec, executable, chmod, centos, manually, chown, apache, modify, ini, cp, etc, bk, depending, os, panel, edit, quot, sendmail_path, sendmail_from, unix, arguments, default, restart, httpd, entries,

Latest Articles

  • ssh Too many authentication failures not prompting for password
  • LightDM Mint Ubuntu Debian won't start errors Nvidia Graphics
  • WARNING: Unable to determine the path to install the libglvnd EGL vendor library config files. Check that you have pkg-config and the libglvnd development libraries installed, or specify a path with --glvnd-egl-config-path. Linux Ubuntu Mint Debian E
  • How To Upgrade Linux Mint 18.2 to 18.3 to 19.x and 20.x
  • MP3s Won't Play / ID3 Version 2.4 Issues in Cars and Other MP3 Players/CDs/DVDs Solution
  • LXC Containers LXD How to Install and Configure Tutorial Ubuntu Debian Mint
  • GlusterFS HowTo Tutorial For Distributed Storage in Docker, Kubernetes, LXC, KVM, Proxmox
  • Ubuntu Mint audio output not working pulseaudio "pulseaudio[13710]: [pulseaudio] sink-input.c: Failed to create sink input: too many inputs per sink."
  • How To Shrink Dynamically Allocated VM QEMU KVM VMware Disk Image File
  • How To Enable Linux Swapfile Instead of Partition Ubuntu Mint Debian Centos
  • 404 Not Found [IP: 151.101.194.132 80] apt update Debian 11 Bullseye Solution The repository 'http://security.debian.org bullseye/updates Release' does not have a Release file.
  • WARNING: Can't download daily.cvd from db.local.clamav.net freshclam clamav error solution
  • (firefox:9562): LIBDBUSMENU-GLIB-WARNING **: Unable to get session bus: Failed to execute child process "dbus-launch" (No such file or directory) Solution
  • Debian Mint Ubuntu Which Package Provides missing top, ps and w Solution
  • Vbox Virtualbox DNS NAT Network Mode NOT working
  • Docker Tutorial HowTo Install Docker, Use and Create Docker Container Images Clustering Swarm Mode Monitoring Service Hosting Provider
  • Zoom Password Error 'That passcode was incorrect' - Solution Wrong Passcode Wrong Meeting Name
  • How To Startup and Open Remote/Local Folder/Directory in Ubuntu Linux Mint automatically upon login
  • How To Reset Windows Server Password 2019, 2022, 7, 8, 10, 11 Recovery and Removal Guide Using Linux Ubuntu Mint Debian
  • How To Create OpenVPN Server for Secure Remote Corporate Access in Linux Debian/Mint/Ubuntu with client public key authentication