Contributed by jose on from the inerior-design dept.
"Hi, I am setting up a website that is using PHP. The web site trys to send out e-mails by using the following PHP command:While this isn't a very secure way at all to handle email submissions from HTTP POST operations, it does raise the question of what methods people have found to run PHP system with the chrooted Apache in 3.3. Anyone care to share their setup scripts and methods?$cmd = "/bin/echo "" . $msg . "" | /usr/sbin/sendmail -t -i"; exec($cmd);This works if I ensure Apache is not running in the default jailed environment. I would like to have some mechanism for sending an email message from the jailed environment.Has any one else done this? Any suggestions would be greatly appreciated."
(Comments are closed)
By Anonymous Coward () on
Thats a really really horrible way of doing it in the first place.
By paulc () on
Here is the description from the site:
"mini_sendmail reads its standard input up to an end-of-file and sends a copy of the message found there to all of the addresses listed. The message is sent by connecting to a local SMTP server. This means mini_sendmail can be used to send email from inside a chroot(2) area"
By Anonymous Coward () on
Comments
By Anonymous Coward () on
Ah, the concise elegance of cut and paste.
By AC () on
By Peter Hessler () spambox@theapt.org on http://www.theapt.org
By Jane Goodall () on http://www.janegoodall.org/
NMS homepage (sourceforge)
download here
By knomevol () on
Comments
By Benny Siegert () on
By Clint () schwack@neotrance.dyndns.org on mailto:schwack@neotrance.dyndns.org
function send_email($to, $sender_email, $subject, $mailheaders, $msg)
{
$connection = fsockopen ("$MX_host", 25, &$errno, &$errstr, 1);
fputs($connection, "HELO domain.comn");
fputs($connection, "MAIL FROM: $sender_emailn");
fputs($connection, "RCPT TO: emailaddress@domain.comn");
fputs($connection, "DATAn");
fputs($connection, "Subject: $subjectn$mailheadersn$msgn.n");
fputs($connection,"QUITn");
fclose ($connection);
}
send_email($to, $sender_email, $subject, $mailheaders, $msg);
Comments
By Anonymous Coward () on
Comments
By clint () schwack@neotrance.dyndns.org on mailto:schwack@neotrance.dyndns.org
In my forms for example, all the $var's are checked and "cleaned' before that function is called. It would take all but 20 minutes of coding to expand this example to something usable, which is still a lot quicker than trying to chroot sendmail, or get php's mail() to work.
By Josh () selerius at codefusion dot org on codefusion dot org
http://phpmailer.sourceforge.net
By grange () on
By drama () drama.4t.slakin.dot.net on www.slakin.net
Im not trying to say rtfm, but the php documentation is really helpful for the most part.
* * * * *
Matt
d-a7-slakin-d0t-net.
By Anonymous Coward () on
If a person were able to get their own chosen text into $msg (perhaps by making it part of their name, or email address), aren't you letting them write their own shell command to be executed inside your chroot? Granted, maybe that limits the damage they can do, but it'd still suck if they got away with "cd /; rm -rf *"
By Raymond Morsman () raymond@openminds.nl on http://www.openminds.nl/chrootsendmail.tar.gz
a friend of mine played with the sendmail config until he make work.
The result can be found at:
http://www.openminds.nl/chrootsendmail.tar.gz
Works perfectly, I used to run a script of my own for the last years, but this one is easier.
Raymond.
Comments
By Bard (62.97.242.6) base@voop.no on
>
>
>
> a friend of mine played with the sendmail config until he make work.
>
>
>
> The result can be found at:
>
>
>
> http://www.openminds.nl/chrootsendmail.tar.gz
>
>
>
> Works perfectly, I used to run a script of my own for the last years, but this one is easier.
Too bad his site is down
By bolke () bolke@xs4all.nl on http://www.skoll.nl
Grab something as SMTP class (see freshmeat) and use that. No need for copying etc, a lot nicer too.
Comments
By drama () dr4ma-at-slakin-d0t-net on www.slakin.net/?page=contact
Not to flame you, but don't post something if you don't know your facts.
--Matt
Comments
By bolke () bolke@xs4all.nl on mailto:bolke@xs4all.nl
But I would really like to be convinced otherwise.