|
 
Re: [PHP-DEV] Default Return-Path with mail() and qmail
From: Rick Widmer (php4 <email protected>)
Date: 11/29/02
At 06:28 PM 11/28/02 -0800, Sara "Pollita" Golemon wrote:
>I'm a big -1 on this. The patch will not actually solve the root problem.
>
>On Unix systems, the MTA needs to know that the webserver user is
>'trusted' to masquerade as another user. In exim this would be the
>'trusted-users' directive, sendmail, qmail, and postfix have similar
>directives.
>
>I agree that the documentation could use some updating in this regard and
>would be happy to make that modification after I collect up some examples
>of the correct directives to use on common systems.
Qmail seems to trust everyone on the system by default. I did nothing
special to allow 'nobody' rights to use sendmail -f to set the From:
address. (Running Qmail's sendmail wrapper.)
You might consider recommending a configuration setting like the following
in each <VirtualHost> block on a multi-domain Apache server. This sends
bounces and replies to the webmaster of the domain if no attempt is made to
set the From: and Reply-to: headers when mail() is used.
<VirtualHost www.mydomain.com>
pph_admin_value sendmail_path "/usr/sbin/sendmail -t -fwebmaster <email protected>"
I think sendmail requires the user to be a member of the 'trusted' group,
but I yield to anyone who knows more about it.
Rick
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, visit: http://www.php.net/unsub.php
| 
