I'm sure you know the issue with the php function mail(). To disable globally the function can be a problem because not all php based apps and contact forms allow smtp auth.
By default ispconfig use fast-cgi for the sites you created. Don't forget activate suexec when work with fast-cgi because scripts are executed with the user and group of the site owner. Well, from php version 5.3.0 we can use the directive mail.log
to log who is calling the function mail(). When someone call the function mail from a php script we will find some info about the sender in our log. In this example I use ubuntu.
First edit your /etc/php5/cgi/php.ini and set the directive properly:
mail.log = /var/log/phpmail.log
phpmail.log is the name used in my example.
Then create the file
...and restart apache daemon
Now send a email using a form or a simple script and test your log:
...and we can see the output:
mail() on [/var/www/clients/client11/web33/web/mail.php:9]: To: email@example.com -- Headers: From: firstname.lastname@example.org Reply-To: email@example.com X-Mailer: PHP/5.3.2-1ubuntu4.9
It work, we know exactly who are sending what...
Well, but what about the email subject? Will be wonderful to log the subjects. No problem we can log email subject header from all emails, no matter if they are send using mail() function or as normal authenticated smtp. Using ispconfig, just go to email->Content filter. Click to add a new content filter and select Header Filter
, then set the Action field to:
Now wait a few minutes and send a test email. After that run
grep "warning: header" /var/log/mail.log
...and we get the next output:
Aug 1 18:54:55 server postfix/cleanup: 99BDC16A11B: warning: header Subject: second test from mailout-muster.domain.net[18.104.22.168]; from=<firstname.lastname@example.org> to=<email@example.com> proto=SMTP helo=<xxx.net>