0

I installed Ubuntu 22.04, php 8.1.2, Apache 2.4.52 and postfix. When I run test.php in browser with the code

mail($to, $subject, $body)

I receive the email without X-PHP-Script header. I expect to see

X-PHP-Script: <server_name><php_self> for <remote-addr>

After I set

mail.add_x_header = On

the header X-PHP-Originating-Script was added to a mail, but not X-PHP-Script. If I am not wrong, PHP mail always added X-PHP-Script. I can add it manually via additional_headers parameter of mail function, but how to make PHP mail add it? What adds X-PHP-Script on my shared server with cPanel?

vvkatwss vvkatwss
  • 3,345
  • 1
  • 21
  • 24
  • 1
    It's been `X-PHP-Originating-Script` since [it was added in 2009](https://web.archive.org/web/20090215034650/https://www.php.net/manual/en/mail.configuration.php). – Alex Howansky Feb 09 '23 at 15:30
  • There are many posts like 'how to remove X-PHP-Script?' I have a shared server with cPanel. When my script sends email, X-PHP-Script is in mail. So what adds X-PHP-Script and how to configure it on my cloud server? – vvkatwss vvkatwss Feb 10 '23 at 15:03

1 Answers1

1

X-PHP-Originating-Script is the header PHP adds (a commenter also mentioned that).

This does not mean X-PHP-Script does not exist. cPanel, for instance, uses it to identify messages sent by the nobody user. You may have seen the X-PHP-Script header, but it was not added by PHP itself.

cPanel itself adds this header internally. You may alter this behavior by using the Exim Configuration Manager Advanced Editor in cPanel. One such way is to use system-wide message filtering. However, cPanel's documentation does not recommend doing so. It may cause severe performance issues or cause email messaging to stop working entirely.

This particular header is used to identify messages being delivered to Exim within cPanel. It is one of the possible ways to identify the source of a message to cPanel's mail transfer agent for security purposes. It is unlikely that shared server hosts will allow you to modify configurations of this type in cPanel.

It is possible to make PHP's mail() add it by:

Modifying PHP's source and using runkit7_function_redefine are possible but not generally a feasible or appropriate way to change the behavior of PHP's mail(). They also require advanced knowledge and significant planning and effort.

Also, a mail transfer agent like Exim Internet Mailer can be configured to add or remove message headers outside of PHP, but this does not modify the behavior of mail() itself.

There is currently no simple way (as of 2023) to add X-PHP-Script automatically from within PHP, other than by doing it manually as you mentioned.

Joseph
  • 51
  • 6
  • I updated my question in the post. On my other shared server, what adds X-PHP-Script header? Can I configure it in cPanel? – vvkatwss vvkatwss Feb 10 '23 at 15:23
  • There's a fly in your bedroom that you want to get rid of. Do you use: 1) a nuclear bomb, 2) an RPG, or 3) a flyswatter? Your answer is certainly not wrong, but I wouldn't even offer the first two options, except maybe as a funny thought experiment. – Duroth Feb 10 '23 at 15:43
  • @Duroth It is still important to mention them because they are possible. I agree they are vast overkill, but when answering we're supposed to try to avoid opinions. I did add a generalized warning/explanation without going too far into opinion territory. – Joseph Feb 13 '23 at 15:53
  • @vvkatwssvvkatwss It would be helpful if you explained why you need that particular header, and what the circumstances are. I'm not sure if that should be here or in a new question. If you have a particular problem you're trying to solve, explaining the particulars will help people understand your problem and offer more specific solutions. – Joseph Feb 13 '23 at 15:55
  • @Joseph I have a website on HostGator. I allow some people to send emails from it. Some emails are not delivered with error "550 Connection Rejected - see http://www.spamhaus.org". This is because the header X-PHP-Script I guess. I run a cloud server and I want to send it also. I want to know what adds it on HostGator. I thought it php:mail, but maybe exim? – vvkatwss vvkatwss Feb 16 '23 at 15:23