I think I have a security risk with apache

[jim.thornton]

For some reason whenever a script (PHP - mail()) sends an email out it sends a "Sender" line as well. The sender line reads as "username@hostname".

Is there a way to configure apache NOT to send this line at all?

[jledhead]

are you sure its an apache problem and not a misconfigured php script
PHP Mail

[jim.thornton]

are you sure its an apache problem and not a misconfigured php script
PHP Mail

I'm 99% sure its gotta be a setting in Apache. The reason being is that I have a cron setup and emails me the CHKRoot results nightly and that email is sent from root@hostname.

In addition, I forget the program but I have the server email me everytime someone accesses the root account and it sends it from root@hostname.

Can anyone suggest how I fix this?

[HROAdmin26]

How does a cron job have anything to do with Apache? It doesn't - hence this is nothing to do with Apache and everything to do with PHP and/or your mail program - postfix/sendmail/whatever.

PHP has no built in SMTP engine. It relies on whatever SMTP program you have installed:

Note: For the mail functions to be available, PHP requires an installed and working email system. The program to be used is defined by the configuration settings in the php.ini file. Read more in our PHP Mail reference.

You can take a look at your mail program to determine what the "sender" is set to by default.

If you only want to change the e-mails that come from PHP, you can pass a $from value to your mail program - it should override the default $sender value,

Code:

<?php

$to = "someone@example.com";
$subject = "Test mail";
$message = "Hello! This is a simple email message.";
$from = "someonelse@example.com";
$headers = "From: $from";
mail($to,$subject,$message,$headers);
echo "Mail Sent.";

?>

[jim.thornton]

I have set the From header and the FROM field is find. If you are looking at the email in Thunderbird, it shows a second line (Sent From) -- after the FROM line.

I don't want the server to send this "Sent From" header in addition to the from header that I'm setting up.

I've DirectAdmin with dovecot installed and I have no idea where to look for these settings.

The cron job that I was referring to is not what I'm saying is apache. I guess it isn't apache at all but there is some setting somewhere that I need to change.

Code:

#!/bin/sh
(
/usr/local/chkrootkit/chkrootkit
) | /bin/mail -s 'CHKRootkit Daily Run' me@mydomain.com

This is the script that is run everyday. It emails the output of CHKrootkit to me.

[jledhead]

who shows in the from? root@fqdn
or something like that? my guess is since you are running this script from cron its probably running as root and when you execute /bin/mail its executing it as root and sending from roots mailbox. just a guess though. might want to use something more sophisticated then /bin/mail.

I have always liked this program for simple tasks like this Software :: SendEmail - Send email with this free command line email client

lots-O-options and works on windows and linux

[jim.thornton]

yes it sends as username@hostname.

How can I check my settings?? I looked at exim.conf and I can't find anything in there.

using the mail() function in PHP results in the same problem.

Oh... And it isn't the "Sent From" field that is showing this, it is the "Sender" field. The "From" field in thunderbird shows as whoever I set the from header to.

[HROAdmin26]

It doesn't - hence this is nothing to do with Apache and everything to do with PHP and/or your mail program - postfix/sendmail/whatever.

You can take a look at your mail program to determine what the "sender" is set to by default.

So after several posts, you finally mention you are using Exim. Have you looked at the Exim documentation?

The Sender: header line

For a locally-originated message from an untrusted user, Exim may remove an existing Sender: header line, and it may add a new one. You can modify these actions by setting the local_sender_retain option true, the local_from_check option false, or by using the suppress_local_fixups control setting.

When a local message is received from an untrusted user and local_from_check is true (the default), and the suppress_local_fixups control has not been set, a check is made to see if the address given in the From: header line is the correct (local) sender of the message. The address that is expected has the login name as the local part and the value of qualify_domain as the domain. Prefixes and suffixes for the local part can be permitted by setting local_from_prefix and local_from_suffix appropriately. If From: does not contain the correct sender, a Sender: line is added to the message.