PHP return-path

[webinmotion]

Seems something funny has happend with our 7.5.1 > 7.5.3 update.

PHP generated mail without the <return-path> specifically inserted into the headers will default the default return-path to root@[servername.com] and send all bounces/undeliverables back to me! this is a pain in th eass for mailing lists and poorly written php.

In 7.5.1 it did not do this....

Does anyone know what changed or how to fix this (without manually editing each domain)

 

[Whistler]

As far as I know this has always been an issue.

I've just created a custom event handler that inserts a custom PHP setting in every virtual hosting setting the e-mail adress to www@<thevirtualdomain> - as I also grew tired of this - specially people thinking I was spamming - and not my customers when they don't know how to use the mail() function in PHP

 

[webinmotion]

I had not noticed it before, but now I am seeing it even from applications by people who should know better (oscommerce for one)

I was hoping to avoid that sort of solution, we are trying really hard to keep this server as stock as possible... oh well

 

[rembrandt]

@Whistler: how did you achive that?

 

[Whistler]

I created a script looking like this:

#!/bin/sh
# Bash script to create PHP settings for more secure Virtual Hosting under Plesk
#
# Plesk Eventhandler Trigger: Physical Hosting Creation trigger
#
# Modified: 2005-09-22 03:00 /www.gld.dk
#
# Set it up in Event Manager to be passed the following arguments:
# argument list:
#
#   $1=dom|sub
#   $2=<domain_name>
#   $3=<sub_domain> [optional]
#

# Initial settings:
PSA_DOMAIN=$2
if [ "$1" = "sub" ]; then PSA_SUBDOMAIN=$3; fi
PSA_VHOSTDIR=`grep -iE "HTTPD_VHOSTS_D" /etc/psa/psa.conf |  awk '{print $2}'`;
if [ "$1" = "dom" ]; then PSA_STRING=${PSA_VHOSTDIR}/${PSA_DOMAIN}; fi
if [ "$1" = "sub" ]; then PSA_STRING=${PSA_VHOSTDIR}/${PSA_DOMAIN}/subdomains/${PSA_SUBDOMAIN}; fi

# Setup default properties for: httpdocs
echo "<Directory ${PSA_STRING}/httpdocs>" >> ${PSA_STRING}/conf/vhost.conf;
echo "  <IfModule mod_php4.c>" >> ${PSA_STRING}/conf/vhost.conf;
echo "    php_admin_value session.save_path \"${PSA_VHOSTDIR}/${PSA_DOMAIN}/tmp\"" >> ${PSA_STRING}/conf/vhost.conf;
echo "    php_admin_value sendmail_from \"www@${PSA_DOMAIN}\"" >> ${PSA_STRING}/conf/vhost.conf;
echo "  </IfModule>" >> ${PSA_STRING}/conf/vhost.conf;
echo "</Directory>" >> ${PSA_STRING}/conf/vhost.conf;

if [ "$1" = "dom" ]; then
  # Setup default properties for: httpsdocs
  echo "<Directory ${PSA_VHOSTDIR}/${PSA_DOMAIN}/httpsdocs>" >> ${PSA_VHOSTDIR}/${PSA_DOMAIN}/conf/vhost_ssl.conf;
  echo "  <IfModule mod_php4.c>" >> ${PSA_VHOSTDIR}/${PSA_DOMAIN}/conf/vhost_ssl.conf;
  echo "    php_admin_value session.save_path \"${PSA_VHOSTDIR}/${PSA_DOMAIN}/tmp\"" >> ${PSA_VHOSTDIR}/${PSA_DOMAIN}/conf/vhost_ssl
.conf;
  echo "    php_admin_value sendmail_from \"www@${PSA_DOMAIN}\"" >> ${PSA_VHOSTDIR}/${PSA_DOMAIN}/conf/vhost_ssl.conf;
  echo "  </IfModule>" >> ${PSA_VHOSTDIR}/${PSA_DOMAIN}/conf/vhost_ssl.conf;
  echo "</Directory>" >> ${PSA_VHOSTDIR}/${PSA_DOMAIN}/conf/vhost_ssl.conf;
fi

# Update Plesk configuration:
/usr/local/psa/admin/bin/websrvmng --vhost-name=${PSA_DOMAIN};

# Log Event Handler Trigger
echo "vhost-settings.sh: Updated ${PSA_DOMAIN}" >>/tmp/event_handler.log;

# Save this file and 'chmod +x filename'

It's not optimized yet, but does the job - actually it does a couple of things:

1) set the e-mail adress to www@<domain>/<subdomain> in PHP if no sender has been set using the mail() function.

I use the www@ prefix to make sure my customers can choose to catch/discard mails send from their PHP scripts.

2) set the PHP session save path to the users /tmp directory - removing a serious security flaw when using Plesk (and PHP) in a shared hosting environment.

The default behaviour of putting all session files in /tmp of the server leaves a big securityhole making users of any virtual host able to look through all sessions on the server.

This will fix this issue.


In the Event Manager you have to create two events:

1) Physical hosting created : /path-to-script/vhost-settings.sh dom <new_domain_name>

2) Subdomain created : /path-to-script/vhost-settings.sh sub <new_domain_name> <new_subdomain_name>

As you can see this will work both when creating a domain and a subdomain.

One thing remains - but I've not tested it yet - a script needs to be made to change the settings when the "Physical hosting updated" and "Subdomain updated" events occur.

Use the script at your own risk - I take no responsibility for any problems caused by it. But the script never overwrites any vhost or vhost_ssl file.

But I of couse - would like to hear of any improvements and/or problems with the script Please let me know

PS. If you use PHP5 you need to change the module check accordingly. This will default only work with PHP4.

 

[rembrandt]

looks nice, i´ll give it a spin, thx

 

[david55]

Hi,

I tried the following and no matter what the From: address is still set to "anonymous@our_server.com"

Vhost.conf for domain.net

<Directory /usr/local/psa/home/vhosts/domain.net/httpdocs>
<IfModule mod_php4.c>
php_admin_value sendmail_from "[email protected]"
</IfModule>
</Directory>

------

php_info shows: Local Master

sendmail_from [email protected] no value

------

The test script I am using to send mail is.

<?
mail("test@some_address.com", "Subject:", "Test mail");
?>

Any help would be greatly appritiated.

- Dave