PHP's mail function seems to deliver mail on a clean system, with no apparent configuration done by the administrator or webmaster (no SMTP configuration in php.ini, etc.). How does the mail function deliver mail to a remote server?
On *nix it invokes the sendmail binary, which then uses the mail configuration to route the email. On Windows, it sends to a SMTP server. In both cases the sysadmin sets up the mail system.
You can detect how it works as below.
First method
$ ltrace php -r "mail('tester#127.0.0.1', 'Test', 'Hello world');" 2>&1 | grep sendmail
memcpy(0x095ea168, "sendmail_from", 14) = 0x095ea168
memcpy(0x095ea1e0, "sendmail_path", 14) = 0x095ea1e0
popen("/usr/sbin/sendmail -t -i ", "w") = 0x0977c7c0
From the results of the above command can be seen that the popen() function opens the process of /usr/sbin/sendmail -t -i.
$ ls -l /usr/sbin/sendmail
... /usr/sbin/sendmail -> exim4
So sendmail is the symbolic link to exim4 and hence sendmail -t -i invokes exim4 -t -i.
And in the manual page of exim4 you can read about these options -t -i:
$ man exim4 | grep ' -t -i'
-ti This option is exactly equivalent to -t -i. It is provided for compatibility with Sendmail.
Second method
Install snoopy and run:
# grep snoopy /var/log/auth.log | tail
... php -r mail('tester#127.0.0.1', 'Test', 'Hello world');
... /usr/sbin/sendmail -t -i
... /usr/sbin/exim4 -Mc 1YxxYn-0006a7-Nw
... /usr/sbin/exim4 -t -oem -oi -f <> -E1YxxYn-0006a7-Nw
... /usr/sbin/exim4 -Mc 1YxxYn-0006aB-Oj
The results of the above command show the sequence of the commands which were performed.
mail() uses sendmail, that uses DNS to find MX record of target domain and delivers there directly. thats it.
and since destination server probably does not know your ip address, especially if it is NATed it may be marked as spam.
you can modify your config to use different (legit ad known) smtp server to act as intermediary.
It's really not that reliable, actually, unless the underlying sendmail or something is properly configured.
Amazon SES has better servers than whatever server you're using and gets mail there more times than with mail().
The real reason you shouldn't use mail() is because your server's IP address is probably completely unknown to mail services such as GMail, Yahoo, etc, and there is a higher chance it will get marked as spam. Why does it get marked as spam? Because mail() is very easy and simple to exploit for spam purposes.
Related
RHEL6 | High Sev
Vulnerability Title
SMTP unauthenticated 3rd-party mail relay
Vuln Description
lity is that other organizations, in an attempt to stop the flow of spam, may throw away any mail originating from your server (including legitimate mail from your users).
Following FIX Helped, take backup of file
Comment out the below entry
cd /etc/mail
[root#mail]# cat sendmail.mc | grep -v ^dnl | grep -i smart
define(SMART_HOST',relaymail.sapient.com')dnl
[root#mail]#
[root#mail]#
Below entry should be commented out
[root# mail]# cat sendmail.mc | grep -v ^dnl | grep -i mailerta
FEATURE(mailertable',hash -o /etc/mail/mailertable.db')dnl
[root#mail]# cp -p sendmail.mc sendmail.mc.bkp.date +%F
[root#mail]#
[root#mail]# m4 sendmail.mc > sendmail.cf
Add below entry in /etc/mail/mailertable to disable offsite mail relay
gmail.com smtp:[192.168.100.x]
. error:Mail to external domain is prohibited
[root# mail]#
it helped to fix.
Hopefully will help, i searched a lot and finally this worked so thought to share.
I have a unique situation where I'm going from an AIX platform to RHEL for a vendor supported application. Within the application, I can send a command (limited to the amount of characters I can send) that will email me results of a print job.
To do this in AIX, I'm passing the following command:
uuencode temp.txt | mail -s "test" email#address.com
This sends standard output to the email as an attachment named temp.txt. Temp.txt doesn't exist on the AIX server.
I have downloaded the rpm for uuencode for Linux, but it doesn't work in the same fashion. It sends an email with what looks like garbage (could be missing MIME header).
I'm looking for a similar command. To simulate outside of the application, I use the following in AIX:
echo "testing mail" | uuencode temp.txt | mail -s "test" email#address.com
I know mailx -a <filename> would work if I had a filename, unfortunately I'm working with standard output vs a file.
Any help will be appreciated.
i need to see only HTTP GET requests HOST once (only the webpage), only from defined source ip, not other information/data.
The first request to that url.
For example:
The first packet what goes from client to server.
GET / HTTP/1.1\r\n
What filters should i add? I have tried few, but still get too much information/data...
Is there any possibilities to look HTTPS first request packet too? To see where the client is sending the request?
If you're on a Un*x platform, you could try something like:
tshark -r file.pcap -Y 'ip.src == 1.2.3.4 and http.request.method == "GET"' -T fields -e http.request.method -e http.request.version -e http.request.uri | head -n 1
... or maybe you want to use http.request.full_uri instead of http.request.uri?
If you're on Windows, you may need to install Cygwin coreutils in order to use head, and you may have to quote things a bit differently, e.g.:
tshark -r file.pcap -Y "ip.src == 1.2.3.4 and http.request.method == \"GET\"" -T fields -e http.request.method -e http.request.version -e http.request.uri | head -n 1
For https, you'll need to decrypt the SSL. You can read how to do that on the Wireshark SSL wiki page.
In my office firewall I use a command like this:
$ sudo tcpdump -v -s 1500 -i eth0 port 25 | grep 'smtp: S'
to monitor LAN clients sending mail (I need to early detect any possible spammer bot from some client, we have very looooose security policies, here... :-().
So far, so good: I have a continuous output as soon any client sends an email.
But, if I add some filter to get a cleaner output, something like this:
$ sudo tcpdump -v -s 1500 -i eth0 port 25 | grep 'smtp: S' | perl -pe 's/(.*?\)) (.*?)\.\d+ \>(.*)/$2/'
(here I intend to get only source ip/name), I do not get any output until tcpdump output is more than (bash?) buffer size... (or at least I suppose so...).
Nothing changes using 'sed' instead of 'perl'...
Any hint to get a continuous output of filtered data?
Put stdbuf before the first command:
sudo stdbuf -o0 tcpdump ...
But, if I add some filter to get a cleaner output, something like
this:
Use the --line-buffered option for grep:
--line-buffered
Use line buffering on output. This can cause a performance
penalty.
try maybe a sed --unbuffered (or -u sometimes like on AIX) to have a stram version (not waiting the EOF)
I want to send email from HP unix using mailx command.
I have to include cc and bcc in my email and have to use the specific email address as the sender.
But -r (which is to define the sender's email address) will disalbe ~ commands so if i have to define the sender's email address, i cannot use ~c and ~b commands for cc and bcc.
Is there any work around???? cos these are the requirements from the user.
Thanks.
Just re-order the arguments to mailx command. That would give the desired result
$ echo "something" | mailx -s "subject" -b bcc_user#some.com -c cc_user#some.com -r sender#some.com recipient#example.com
In my case I have to keep multiple id's in cc which has been done by giving the email-id's comma separated one by one as below:
$ echo -e "Hi Team, \n \n Action Needed \n \n Regards, \n XYZ team"| mailx -s "subject" -b bcc_user1#some.com,bcc_user2#some.com -c cc_user1#some.com,cc_user2#some.com -r sender#some.com receiver#xyz.com
Also made use of the echo command to pass multiple lines to mailx utility. Thought it will be helpful.