Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > Tips/Tricks/Mods

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 2nd April 2012, 23:06
ngoyette ngoyette is offline
Member
 
Join Date: Sep 2011
Posts: 41
Thanks: 15
Thanked 1 Time in 1 Post
Default phpmailer log problem

Hello,

We recently discovered one of our hosted web sites was hacked,, and it was sending spam / fishing trough phpmailer

i followed a howto to log sendmail.. : http://www.howtoforge.com/how-to-log...tect-form-spam

it doesn't work even when i change /tmp/mail_log patch .. still no log ...

is there a better way to log php mailer's ?
how can i force my users to use the smtp server with login and credential instead of this?

thank you


btw i found this because email sent bounced back , and landed inside /var/mail/webX
Reply With Quote
Sponsored Links
  #2  
Old 3rd April 2012, 07:24
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,777
Thanks: 821
Thanked 5,332 Times in 4,184 Posts
Default

Which php version do you use? If its php 5.3, then logging is already built into php.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
The Following User Says Thank You to till For This Useful Post:
ngoyette (3rd April 2012)
  #3  
Old 3rd April 2012, 16:15
pititis pititis is offline
Senior Member
 
Join Date: Dec 2010
Location: München
Posts: 364
Thanks: 39
Thanked 90 Times in 68 Posts
Default

Like Till said, if you are running php>5.3 try this:



http://www.howtoforge.com/forums/showthread.php?t=53617

You can also disable mail function in php globally, then each user must use smtp auth to send mail but not always is a good idea because maybe they are using software without smpt auth support. Anyway you can disable the mail function where is necessary (using the "custom php.ini settings" field in ispconfig->sites->web domains->webdomainname->options

Example:
Code:
disable_functions = exec,passthru,popen,ini_set,system,show_source,shell_exec,proc_open,mail
Cheers

Last edited by pititis; 3rd April 2012 at 16:29.
Reply With Quote
The Following User Says Thank You to pititis For This Useful Post:
ngoyette (3rd April 2012)
  #4  
Old 3rd April 2012, 16:53
ngoyette ngoyette is offline
Member
 
Join Date: Sep 2011
Posts: 41
Thanks: 15
Thanked 1 Time in 1 Post
Default

yes using PHP Version 5.3.3-7+squeeze8

i followed guide on other page, chown the file to root:adm and even tried chmod 777 nothing is writing in phpmail.log


where can i find trace of error?
Reply With Quote
  #5  
Old 3rd April 2012, 16:56
pititis pititis is offline
Senior Member
 
Join Date: Dec 2010
Location: München
Posts: 364
Thanks: 39
Thanked 90 Times in 68 Posts
Default

try root:root
Reply With Quote
  #6  
Old 3rd April 2012, 17:00
ngoyette ngoyette is offline
Member
 
Join Date: Sep 2011
Posts: 41
Thanks: 15
Thanked 1 Time in 1 Post
Default

no dice,

this is my test sendmail script:

PHP Code:
<?php
mail
('test@hiddenmail.com','This is a test message subject','This is a test message body');
echo 
'Mail sent.';
?>
i receive test mail...

here is my config of /etc/php5/cgi/php.ini and /etc/php5/apache2/php.ini
Code:
mail.log = /var/log/phpmail.log
the file /var/log/phpmail.log is root:root and 777,
Code:
-rwxrwxrwx  1 root        root              0 Apr  3 10:31 phpmail.log
no idea why it doesn't log anything yet
Reply With Quote
  #7  
Old 3rd April 2012, 17:04
pititis pititis is offline
Senior Member
 
Join Date: Dec 2010
Location: München
Posts: 364
Thanks: 39
Thanked 90 Times in 68 Posts
Default

Did you restart apache?

Reply With Quote
The Following User Says Thank You to pititis For This Useful Post:
ngoyette (3rd April 2012)
  #8  
Old 3rd April 2012, 17:28
ngoyette ngoyette is offline
Member
 
Join Date: Sep 2011
Posts: 41
Thanks: 15
Thanked 1 Time in 1 Post
Default

stupid me :P

yes thank you very much apreciated!!!
Reply With Quote
  #9  
Old 3rd April 2012, 17:32
pititis pititis is offline
Senior Member
 
Join Date: Dec 2010
Location: München
Posts: 364
Thanks: 39
Thanked 90 Times in 68 Posts
Default

Glad to help you!
Reply With Quote
  #10  
Old 3rd April 2012, 17:35
ngoyette ngoyette is offline
Member
 
Join Date: Sep 2011
Posts: 41
Thanks: 15
Thanked 1 Time in 1 Post
 
Default

now i need to secure the log?

because its not login unless i 777 the file
is this file write by client like webx/clientx ? or by apache itself?

cause all my log files are 640 root:adm ...

but doing so to phpmail.log not working
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
table lookup problem aurelius Installation/Configuration 5 2nd November 2011 19:12
Sending email issue lezelf Installation/Configuration 15 9th August 2011 11:20
SMTP error Dovecot postfix aberrio Server Operation 26 3rd February 2011 14:25
Log problem hochanh Server Operation 3 6th April 2008 18:10
Daily mail logrotation?! schmidse Installation/Configuration 4 21st January 2008 13:55


All times are GMT +2. The time now is 22:34.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.