1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice

PHP return-path

Discussion in 'Plesk for Linux - 8.x and Older' started by webinmotion, Sep 26, 2005.

  1. webinmotion

    webinmotion Guest

    0
     
    Seems something funny has happend with our 7.5.1 > 7.5.3 update.

    PHP generated mail without the <return-path> specifically inserted into the headers will default the default return-path to root@[servername.com] and send all bounces/undeliverables back to me! this is a pain in th eass for mailing lists and poorly written php.

    In 7.5.1 it did not do this....

    Does anyone know what changed or how to fix this (without manually editing each domain)
     
  2. Whistler

    Whistler Guest

    0
     
    As far as I know this has always been an issue.

    I've just created a custom event handler that inserts a custom PHP setting in every virtual hosting setting the e-mail adress to www@<thevirtualdomain> - as I also grew tired of this - specially people thinking I was spamming - and not my customers when they don't know how to use the mail() function in PHP :)
     
  3. webinmotion

    webinmotion Guest

    0
     
    I had not noticed it before, but now I am seeing it even from applications by people who should know better (oscommerce for one)

    I was hoping to avoid that sort of solution, we are trying really hard to keep this server as stock as possible... oh well
     
  4. rembrandt

    rembrandt Guest

    0
     
    @Whistler: how did you achive that?
     
  5. Whistler

    Whistler Guest

    0
     
    I created a script looking like this:

    Code:
    #!/bin/sh
    # Bash script to create PHP settings for more secure Virtual Hosting under Plesk
    #
    # Plesk Eventhandler Trigger: Physical Hosting Creation trigger
    #
    # Modified: 2005-09-22 03:00 /www.gld.dk
    #
    # Set it up in Event Manager to be passed the following arguments:
    # argument list:
    #
    #   $1=dom|sub
    #   $2=<domain_name>
    #   $3=<sub_domain> [optional]
    #
    
    # Initial settings:
    PSA_DOMAIN=$2
    if [ "$1" = "sub" ]; then PSA_SUBDOMAIN=$3; fi
    PSA_VHOSTDIR=`grep -iE "HTTPD_VHOSTS_D" /etc/psa/psa.conf |  awk '{print $2}'`;
    if [ "$1" = "dom" ]; then PSA_STRING=${PSA_VHOSTDIR}/${PSA_DOMAIN}; fi
    if [ "$1" = "sub" ]; then PSA_STRING=${PSA_VHOSTDIR}/${PSA_DOMAIN}/subdomains/${PSA_SUBDOMAIN}; fi
    
    # Setup default properties for: httpdocs
    echo "<Directory ${PSA_STRING}/httpdocs>" >> ${PSA_STRING}/conf/vhost.conf;
    echo "  <IfModule mod_php4.c>" >> ${PSA_STRING}/conf/vhost.conf;
    echo "    php_admin_value session.save_path \"${PSA_VHOSTDIR}/${PSA_DOMAIN}/tmp\"" >> ${PSA_STRING}/conf/vhost.conf;
    echo "    php_admin_value sendmail_from \"www@${PSA_DOMAIN}\"" >> ${PSA_STRING}/conf/vhost.conf;
    echo "  </IfModule>" >> ${PSA_STRING}/conf/vhost.conf;
    echo "</Directory>" >> ${PSA_STRING}/conf/vhost.conf;
    
    if [ "$1" = "dom" ]; then
      # Setup default properties for: httpsdocs
      echo "<Directory ${PSA_VHOSTDIR}/${PSA_DOMAIN}/httpsdocs>" >> ${PSA_VHOSTDIR}/${PSA_DOMAIN}/conf/vhost_ssl.conf;
      echo "  <IfModule mod_php4.c>" >> ${PSA_VHOSTDIR}/${PSA_DOMAIN}/conf/vhost_ssl.conf;
      echo "    php_admin_value session.save_path \"${PSA_VHOSTDIR}/${PSA_DOMAIN}/tmp\"" >> ${PSA_VHOSTDIR}/${PSA_DOMAIN}/conf/vhost_ssl
    .conf;
      echo "    php_admin_value sendmail_from \"www@${PSA_DOMAIN}\"" >> ${PSA_VHOSTDIR}/${PSA_DOMAIN}/conf/vhost_ssl.conf;
      echo "  </IfModule>" >> ${PSA_VHOSTDIR}/${PSA_DOMAIN}/conf/vhost_ssl.conf;
      echo "</Directory>" >> ${PSA_VHOSTDIR}/${PSA_DOMAIN}/conf/vhost_ssl.conf;
    fi
    
    # Update Plesk configuration:
    /usr/local/psa/admin/bin/websrvmng --vhost-name=${PSA_DOMAIN};
    
    # Log Event Handler Trigger
    echo "vhost-settings.sh: Updated ${PSA_DOMAIN}" >>/tmp/event_handler.log;
    
    # Save this file and 'chmod +x filename'
    
    It's not optimized yet, but does the job - actually it does a couple of things:

    1) set the e-mail adress to www@<domain>/<subdomain> in PHP if no sender has been set using the mail() function.

    I use the www@ prefix to make sure my customers can choose to catch/discard mails send from their PHP scripts.

    2) set the PHP session save path to the users /tmp directory - removing a serious security flaw when using Plesk (and PHP) in a shared hosting environment.

    The default behaviour of putting all session files in /tmp of the server leaves a big securityhole making users of any virtual host able to look through all sessions on the server.

    This will fix this issue.


    In the Event Manager you have to create two events:

    1) Physical hosting created : /path-to-script/vhost-settings.sh dom <new_domain_name>

    2) Subdomain created : /path-to-script/vhost-settings.sh sub <new_domain_name> <new_subdomain_name>

    As you can see this will work both when creating a domain and a subdomain.

    One thing remains - but I've not tested it yet - a script needs to be made to change the settings when the "Physical hosting updated" and "Subdomain updated" events occur.

    Use the script at your own risk - I take no responsibility for any problems caused by it. But the script never overwrites any vhost or vhost_ssl file.

    But I of couse - would like to hear of any improvements and/or problems with the script :) Please let me know :)

    PS. If you use PHP5 you need to change the module check accordingly. This will default only work with PHP4.
     
  6. rembrandt

    rembrandt Guest

    0
     
    looks nice, i´ll give it a spin, thx
     
  7. david55

    david55 Guest

    0
     
    Hi,

    I tried the following and no matter what the From: address is still set to "anonymous@our_server.com"

    Vhost.conf for domain.net

    <Directory /usr/local/psa/home/vhosts/domain.net/httpdocs>
    <IfModule mod_php4.c>
    php_admin_value sendmail_from "www@domain.net"
    </IfModule>
    </Directory>

    ------

    php_info shows: Local Master

    sendmail_from www@domain.net no value

    ------

    The test script I am using to send mail is.

    <?
    mail("test@some_address.com", "Subject:", "Test mail");
    ?>

    Any help would be greatly appritiated.

    - Dave
     
Loading...