I've finally got off my ass and committed my mail logging patch, which I wrote almost 2 years ago. This functionality is predominantly aimed at shared hosters that often have a problem identifying people who abuse the mail() function to send an inordinate amount of spam, or hacked scripts used for the same purpose.
The logging functionality is disabled by default but can be enabled per-directory or globally via 2 INI settings.
The mail.log directive allows you to specify the file where each call to mail() will be logged. The log file will contain the path and line # of the calling script in addition to all of the headers indicated by the user.
The mail.add_x_header directive will introduce an X-PHP-Originating-Script header that will contain the file name (no path) of the calling script and the uid of the script. This combination should be sufficient for the admin to locate the sending script.
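An added example, not part of the original post or of PHP itself: a Python sketch an admin could use to tally mail() calls per calling script and line from the mail.log file, and to pull the uid and file name out of an X-PHP-Originating-Script header. The log line layout and the `uid:filename` header value layout are assumptions, as are the function names, the threshold and all sample data.

```python
import re
from collections import Counter

# Assumed mail.log line layout (a leading timestamp, if any, is tolerated):
#   mail() on [/path/to/script.php:LINE]: To: recipient -- Headers: ...
LOG_RE = re.compile(
    r"mail\(\) on \[(?P<path>.+?):(?P<line>\d+)\]: To: (?P<to>.*?) -- Headers: (?P<hdrs>.*)$")
# Assumed header value layout: "<uid>:<file name without path>"
XHDR_RE = re.compile(
    r"^X-PHP-Originating-Script:\s*(?P<uid>\d+):(?P<name>.+?)\s*$", re.I | re.M)

def parse_log_line(line):
    """Return (script path, line number, recipient) or None for foreign lines."""
    m = LOG_RE.search(line.rstrip("\n"))
    return (m["path"], int(m["line"]), m["to"]) if m else None

def top_senders(lines, threshold):
    """Count mail() calls per (script, line); keep those at or above threshold."""
    counts = Counter()
    for line in lines:
        rec = parse_log_line(line)
        if rec:
            counts[(rec[0], rec[1])] += 1
    return [(site, n) for site, n in counts.most_common() if n >= threshold]

def originating_script(raw_headers):
    """Extract (uid, file name) from the headers of a received or bounced message."""
    m = XHDR_RE.search(raw_headers)
    return (int(m["uid"]), m["name"]) if m else None

# Constructed sample data, not real log output.
SAMPLE_LOG = [
    "mail() on [/home/cust1/public_html/forum/inc/cache.php:17]: To: a@example.net -- Headers: From: x@example.org",
    "mail() on [/home/cust1/public_html/forum/inc/cache.php:17]: To: b@example.net -- Headers: From: x@example.org",
    "[01-Jan-2010 10:00:00 UTC] mail() on [/home/cust1/public_html/forum/inc/cache.php:17]: To: c@example.net -- Headers: From: x@example.org",
    "mail() on [/home/cust2/public_html/contact.php:42]: To: owner@example.com -- Headers: Reply-To: v@example.org",
    "some unrelated line",
]
SAMPLE_HEADERS = ("From: x@example.org\r\n"
                  "X-PHP-Originating-Script: 1001:cache.php\r\n"
                  "Subject: hello\r\n")

if __name__ == "__main__":
    for (path, lineno), n in top_senders(SAMPLE_LOG, threshold=3):
        print(f"{n} mail() calls from {path}:{lineno}")
    print(originating_script(SAMPLE_HEADERS))
```

Because the header carries only the file name, the uid narrows the search to one account, and the log's full path and line number then identify the exact call site.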
Hey Ilia, that's great news! Thanks for finally committing this.
I've tried it out in PHP 5.3.0RC2 and couldn't figure out how to do the following:
- log date/time on the same line? Or can I log to syslog?
- how do I protect the logfile if all customers on a shared host need to be able to write into it (CGI/Suexec on Linux)?
What do you think about append-only mode (chattr -a) of the logfile, removing all read rights and only giving write permission to my customers? The customers would still be able to clutter the logfile with fake entries from their PHP scripts.