On Sun, Aug 13, 2006 at 04:31:55PM +0200, Phil Pennock wrote:
> On an Exim receive (<=) line, the ability to log the value of a
> specified environment variable.
>
> Rationale: PHP webhosting, which on Unix uses "sendmail" for submission,
> rather than talking SMTP, so the web-server's environment variables will
> be visible (by hook or by crook). So if I can log the $REQUEST_URI in
> _Exim_'s logs, it should become *much* easier to track down the page
> which is being abused by spammers. Sometimes, with large badly-written
> PHP applications it can be difficult to tell from the web-server logs
> where the hole is.
This may or may not be any use to you; I tried this on a test box and it
worked for me:
perl_startup = sub return_env { return $ENV{$_[0]} }
acl_not_smtp:
accept
logwrite = FOO=${perl{return_env}{FOO}}
add_header = X-CGI-Env: FOO=${perl{return_env}{FOO}}
On our older web hosting box we had /usr/sbin/sendmail as a wrapper script
which injected extra headers (based on REQUEST_URI etc) before running the
real MTA. However in light of your email, and my quick test above, I think I
might find a better way of doing it on our newer web hosts :-)
Good luck tidying up after the PHP wannabes.
--
Dave Evans
Power Internet
PGP key:
http://powernet.co.uk/~davide/pgpkey
