On Fri, Aug 01, 2008 at 04:45:26PM -0400, Grant Peel wrote:
> I am using apache 2.2, with suexec enabled. Each perl based post is executed
> by the unix owner of the domain. PHP requests though, are still seen as
> 'www'.
Slightly OT, but you might want to disable mod_php - have php scripts run via
suexec instead (like your Perl scripts do already). It's a performance hit,
but it keeps things consistent (all user scripts run as that user), and it
makes it easier to handle exactly this kind of spam-tracking problem.
> With the info above, if anyone can show me the acl that has logging (as much
> as is possible), enabled, I would be eternally greatfull, and, it would
> restart my learning curve ....
My recommendations:
* Disallow CGI (Perl, PHP, whatever) scripts from connecting via SMTP. Force
them to use /usr/sbin/sendmail if they want to send mail.
* That way, all mail generated by user scripts arrives via the "not smtp"
exim ACL, wherein you can do logging and adding of headers. See
http://lists.exim.org/lurker/message/20060813.151359.326c5742.html for
how to do this (requires embedded Perl in Exim).
That example logs the (dummy) environment variable "FOO", so you'll want to
change that. You probably want to log at least HTTP_HOST and REQUEST_URI,
and maybe also SCRIPT_FILENAME and REMOTE_ADDR. Adding headers (as shown
in the example) may or may not be a good idea.
--
Dave Evans
http://djce.org.uk/
http://djce.org.uk/pgpkey
