More control over spam in shared hosting

Discussion in 'Tips/Tricks/Mods' started by pititis, Aug 1, 2011.

  1. pititis

    pititis Member

    Hi,

    First tip

    I'm sure you know the issue with the php function mail(). To disable globally the function can be a problem because not all php based apps and contact forms allow smtp auth.

    By default ispconfig use fast-cgi for the sites you created. Don't forget activate suexec when work with fast-cgi because scripts are executed with the user and group of the site owner. Well, from php version 5.3.0 we can use the directive mail.log to log who is calling the function mail(). When someone call the function mail from a php script we will find some info about the sender in our log. In this example I use ubuntu.

    First edit your /etc/php5/cgi/php.ini and set the directive properly:

    Code:
    mail.log = /var/log/phpmail.log
    
    phpmail.log is the name used in my example.

    Then create the file
    Code:
    touch /var/log/phpmail.log
    
    ...and restart apache daemon

    Code:
    /etc/init.d/apache2 restart
    
    Now send a email using a form or a simple script and test your log:

    Code:
    cat /var/log/phpmail.log
    
    ...and we can see the output:

    Code:
    mail() on [/var/www/clients/client11/web33/web/mail.php:9]: To: muster@domain.net -- Headers: From: webmaster@yahoo.com  Reply-To: webmaster@example.com  X-Mailer: PHP/5.3.2-1ubuntu4.9
    
    It work, we know exactly who are sending what...

    Second tip

    Well, but what about the email subject? Will be wonderful to log the subjects. No problem we can log email subject header from all emails, no matter if they are send using mail() function or as normal authenticated smtp. Using ispconfig, just go to email->Content filter. Click to add a new content filter and select Header Filter, then set the Action field to:

    Code:
    /^Subject:/ 
    
    Now wait a few minutes and send a test email. After that run

    Code:
    grep "warning: header" /var/log/mail.log
    
    ...and we get the next output:

    Code:
    Aug  1 18:54:55 server postfix/cleanup[23308]: 99BDC16A11B: warning: header Subject: second test from mailout-muster.domain.net[111.111.111.111]; from=<musterman@ich.net> to=<webmaster@yahoo.com> proto=SMTP helo=<xxx.net>
    
    Cheers
     
  2. ngoyette

    ngoyette New Member

    how should the content filter box look like, like this ? :[​IMG]
     
  3. pititis

    pititis Member

    Yes just like this
     
  4. vaio

    vaio New Member

    WOW, perfect!

    This deserves sticky, or mention in next ISP manual :)
     
  5. ressel

    ressel Member

    does it work with suphp?
     
  6. pititis

    pititis Member

    Yes, it should
     
  7. Damieen

    Damieen New Member

    Indeed, you have done a great job by posting such great tips..Well I am going to check out all these and post you back whether I have done the perfect set up or not.
    thanks
     

Share This Page