This is more a note for myself than anything else ...
By default a lot of php scripts will send emails that appear as coming from the Apache user, which makes tracking down a rogue script really annoying and time-consuming.
You end up with entries in the mail logs similar to this one:
Apr 27 18:22:29 servername postfix/qmgr[23581]: 0F53421C1FA: from=<www-data@servername.com>, size=929, nrcpt=1 (queue active)
Which isn't particularly helpful if you have more than one site (vhost) on a particular server.
Making it a bit saner can be done via a simple addition to the Apache vhost config:
php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f address@domain.tld'
So now any emails sent from that vhost will reference the email specified instead of the Apache user:
Apr 27 19:40:34 servername postfix/qmgr[2469]: 16A8F21C1FA: from=<address@domain.tld>, size=358, nrcpt=1 (queue active)
There are other additions to Php that can log the path to the script itself, though until such time as someone makes it available for Debian / Ubuntu I don't really fancy having to compile it in manually
On http://www.skynet.ie we use the following method for tracking emails sent via php and mail(). (After we admins previously spent hours tracking down rogue php scripts)
It involves setting the sendmail path in php.ini to a sendmailwrapper.sh which logs the php script and hands off the mail to the real sendmail path.
Full details on http://wiki.kartbuilding.net/index.php/Mail_-_mutt_etc#Log_PHP_and_mail.28.29
Steve
Thanks for sharing that tip – I might have a look into it as well
Michele