Sysadmin: How to see the name of PHP script that sent that e-mail

phplogo SPAM e-mail is the common problem these days and in most cases the cause of this problem is the lack of security on the hosted web sites. Various badly designed PHP scripts expose the hosting server MTA to be used as SPAM e-mails source. First and foremost step in resolving this problem would be to determine the originating PHP script that was used to send e-mails.

Prior to release 5.3 of PHP the mechanism to extract this information was not built in the main source tree and ingenious people out there were making improvements of their own. The most well known of these was Mail header patch. Which required to rebuild the whole PHP from source after patching the source tree. While not impossible this procedure proved to be cumbersome and time consuming.
Starting from release 5.3 there is an option in the main PHP that allows to turn on mail header that will expose the originating script file name. Alas for some obscure reason this is not turned on by default.
What do you need to do to enable it?
Just drop the following line into you system-wide php.ini file

and restart your web system ( apachectl restart in case of apache, service php-fpm restart in case of nginx).
Now every e-mail sent by the PHP script from your system will have extra X- header X-PHP-Originating-Script with the value – name of the originating PHP script file. For example:

Very convenient for the stray e-mail troubleshooting.

Leave a Comment

NOTE - You can use these HTML tags and attributes:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code class="" title="" data-url=""> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong> <pre class="" title="" data-url=""> <span class="" title="" data-url="">