Re: [exim] Feature req: env var logging

Author: Eli
Date:  
To: exim-users
Subject: Re: [exim] Feature req: env var logging
> perl_startup = sub return_env { return $ENV{$_[0]} }
>
> acl_not_smtp:
>
>     accept
>         logwrite = FOO=${perl{return_env}{FOO}}
>         add_header = X-CGI-Env: FOO=${perl{return_env}{FOO}}


I'm a bit late on replying to this one, sorry :)

I've got an unofficial patch to Exim that allows you to have access to all
environment variables at ACL time (it may allow it in router/transport time
too, but that is unintentional, and I believe also the reason the patch
won't get accepted).

http://www.hoktar.com/downloads/other/exim-4.53-env_vars.patch

Should work with newer versions of Exim as well (if not, it's not that hard
to get it applied manually).

This is how I use it:

acl_not_smtp            = acl_check_pipe


acl_check_pipe:
    warn    message        = X-Headers-Begin: $message_exim_id


    warn    message        = X-CGI-Client: $env_REMOTE_ADDR
        condition    = ${if def:env_REMOTE_ADDR {yes}{no}}
        logwrite    = CGI Client: $env_REMOTE_ADDR


    warn    message        = X-CGI-Server: $env_SERVER_NAME (${env_SERVER_ADDR})
        condition    = ${if def:env_SERVER_ADDR {yes}{no}}
        logwrite    = CGI Server: $env_SERVER_NAME (${env_SERVER_ADDR})


    warn    message        = X-CGI-Script: $env_SCRIPT_NAME (${env_SCRIPT_FILENAME})
        condition    = ${if def:env_SCRIPT_NAME {yes}{no}}
        logwrite    = CGI Script: $env_SCRIPT_NAME (${env_SCRIPT_FILENAME})


    warn    message        = X-Headers-End: $message_exim_id


    accept


Works "out of the box" with any CGI that runs under a CGI-compliant
webserver (such as Apache). For PHP, you have to redefine your sendmail
binary path with something like this:

php_admin_value sendmail_path "SERVER_NAME='www.hoktar.com' /usr/sbin/sendmail -t -i"

Using the "php_admin_value" setting ensures the user can't override the
setting anywhere else in their site (if you set it in their main site vhost
config). You can define any env var you want (only downfall here being that
you can't log what script ran). This patch is currently used on 5
production web servers and is an *invaluable* tool for finding spammers on
the servers and quickly shutting them down (it's also proved to be 100%
stable if used properly).

Eli.
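
Added example, not part of the message above or of the patch: a small Python tally of the "CGI Client/Server/Script" lines that the logwrite modifiers in acl_check_pipe produce, to show which script, client or vhost is behind the most locally submitted messages. The main-log layout (timestamp, message id, then the logwrite text) and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Assumed main-log layout: "<date> <time> <message id> CGI <Kind>: <value>"
LINE_RE = re.compile(
    r"^\S+ \S+ (?P<id>[0-9A-Za-z]+-[0-9A-Za-z]+-[0-9A-Za-z]+) "
    r"CGI (?P<kind>Client|Server|Script): (?P<value>.*)$"
)

# Constructed sample lines, not taken from a real server.
SAMPLE_LOG = """\
2006-01-15 10:23:45 1EyAbC-0004Xy-Qz CGI Client: 203.0.113.7
2006-01-15 10:23:45 1EyAbC-0004Xy-Qz CGI Server: www.example.com (192.0.2.10)
2006-01-15 10:23:45 1EyAbC-0004Xy-Qz CGI Script: /cgi-bin/form.pl (/var/www/cgi-bin/form.pl)
2006-01-15 10:23:46 1EyAbD-0004Xz-1a CGI Client: 203.0.113.7
2006-01-15 10:23:46 1EyAbD-0004Xz-1a CGI Server: www.example.com (192.0.2.10)
2006-01-15 10:23:46 1EyAbD-0004Xz-1a CGI Script: /cgi-bin/form.pl (/var/www/cgi-bin/form.pl)
2006-01-15 10:24:02 1EyAbE-0004Y0-3b CGI Client: 198.51.100.20
2006-01-15 10:24:02 1EyAbE-0004Y0-3b CGI Server: shop.example.org (192.0.2.11)
2006-01-15 10:24:02 1EyAbE-0004Y0-3b CGI Script: /cgi-bin/contact.cgi (/var/www/shop/contact.cgi)
2006-01-15 10:24:03 1EyAbE-0004Y0-3b <= www@example.org U=www P=local S=612
"""

def parse_cgi_log(text):
    """Group the ACL's logwrite lines by message id: {id: {kind: value}}."""
    messages = defaultdict(dict)
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:  # ordinary delivery lines and anything else are ignored
            messages[m["id"]][m["kind"]] = m["value"]
    return dict(messages)

def tally(messages, kind):
    """Count messages per distinct value of one field (Client, Server or Script)."""
    return Counter(rec[kind] for rec in messages.values() if kind in rec)

def heavy_senders(messages, kind, threshold):
    """Return [(value, count)] for values seen on at least `threshold` messages."""
    return [(v, n) for v, n in tally(messages, kind).most_common() if n >= threshold]

if __name__ == "__main__":
    msgs = parse_cgi_log(SAMPLE_LOG)
    for kind in ("Script", "Client", "Server"):
        print(kind, heavy_senders(msgs, kind, 2))
```

Counting per message id rather than per line keeps a message that logged all three fields from being counted three times.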