phpmailer log problem

Discussion in 'Tips/Tricks/Mods' started by ngoyette, Apr 2, 2012.

  1. ngoyette

    ngoyette Member

    Hello,

    We recently discovered one of our hosted web sites was hacked,, and it was sending spam / fishing trough phpmailer :(

    i followed a howto to log sendmail.. : http://www.howtoforge.com/how-to-log-emails-sent-with-phps-mail-function-to-detect-form-spam

    it doesn't work even when i change /tmp/mail_log patch .. still no log ...

    is there a better way to log php mailer's ?
    how can i force my users to use the smtp server with login and credential instead of this?

    thank you


    btw i found this because email sent bounced back , and landed inside /var/mail/webX
     
    ngoyette, Apr 2, 2012
    #1
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Which php version do you use? If its php 5.3, then logging is already built into php.
     
    till, Apr 3, 2012
    #2
  3. pititis

    pititis Member

    Like Till said, if you are running php>5.3 try this:



    http://www.howtoforge.com/forums/showthread.php?t=53617

    You can also disable mail function in php globally, then each user must use smtp auth to send mail but not always is a good idea because maybe they are using software without smpt auth support. Anyway you can disable the mail function where is necessary (using the "custom php.ini settings" field in ispconfig->sites->web domains->webdomainname->options

    Example:
    Code:
    disable_functions = exec,passthru,popen,ini_set,system,show_source,shell_exec,proc_open,mail
    Cheers
     
    Last edited: Apr 3, 2012
    pititis, Apr 3, 2012
    #3
  4. ngoyette

    ngoyette Member

    yes using PHP Version 5.3.3-7+squeeze8

    i followed guide on other page, chown the file to root:adm and even tried chmod 777 nothing is writing in phpmail.log :(


    where can i find trace of error?
     
    ngoyette, Apr 3, 2012
    #4
  5. pititis

    pititis Member

    try root:root
     
    pititis, Apr 3, 2012
    #5
  6. ngoyette

    ngoyette Member

    no dice,

    this is my test sendmail script:

    PHP:
    <?php
    mail    ('[email protected]','This is a test message subject','This is a test message body');
    echo     'Mail sent.';
    ?>
    i receive test mail...

    here is my config of /etc/php5/cgi/php.ini and /etc/php5/apache2/php.ini
    Code:
    mail.log = /var/log/phpmail.log
    the file /var/log/phpmail.log is root:root and 777,
    Code:
    -rwxrwxrwx  1 root        root              0 Apr  3 10:31 phpmail.log
    no idea why it doesn't log anything yet
     
    ngoyette, Apr 3, 2012
    #6
  7. pititis

    pititis Member

    Did you restart apache?

    :D
     
    pititis, Apr 3, 2012
    #7
  8. ngoyette

    ngoyette Member

    stupid me :p

    yes thank you very much apreciated!!!
     
    ngoyette, Apr 3, 2012
    #8
  9. pititis

    pititis Member

    Glad to help you!
     
    pititis, Apr 3, 2012
    #9
  10. ngoyette

    ngoyette Member

    now i need to secure the log?

    because its not login unless i 777 the file
    is this file write by client like webx/clientx ? or by apache itself?

    cause all my log files are 640 root:adm ...

    but doing so to phpmail.log not working :(
     
    ngoyette, Apr 3, 2012
    #10
  11. falko

    falko Super Moderator Howtoforge Staff

    If this log is used by just one website, you can use webx/clientx (if you use PHP via FastCGI/SuPHP/CGI) or the Apache user/group (mod_php) as the owners of the log. Otherwise only 777 will work, I guess.
     
    falko, Apr 4, 2012
    #11

Share This Page