PHP 5.3 introduced a new feature many administrators have waited for. Now it’s possible to log mails sent by the mail() function of PHP.
Until 5.3 it was not that easy to find an insecure form/script which sends out spam messages.
But now, finally, after around two years after the patch was submitted, you can add this to your php.ini:
mail.add_x_header = On mail.log = /var/log/phpmail.log
The first line adds an additional X-Header to the mail itself. It contains the “uid” and the file name of the script.
Te second line logs the full path to the script, the “To:” field and all headers to the specified file.
The log will look like this:
mail() on [/var/www/example.com/httpdocs/pages/formmail.php:50]: To: firstname.lastname@example.org -- Headers: From: "John Smith: " <email@example.com>
NOTE: If you want to leave this option enabled all the time, don’t forget to configure logrotate for the new logfile.