Catching a pipe?

[gerald]

Ok so maybe I dont quite understand the concept of pipes in Unix.
Here is what Im trying to do. I have web servers that people run CGI scripts from, and alot of them use the sendmail executable to send email from the server by opening a pipe to the sendmail executable and send the message that way.

Unfortunately, alot of people abuse this and send out spam using the sendmail executable. I need to be able to catch the information that they are sending so that I can look for certain things in the subject and body of the message.

Also, I would like to find out what program or script is being used to call the sendmail program, if there is a way to do that.

I am kinda new to *nix programming, so any help would be appreciated.

Thanks,
Gerald

[sig][/sig]

 

[hnd]

Ok.,
What you can do is write a program or use a script for all things you want to do.
This program must read from stdin, do the data processing and write the results to stdout (or not).
You can place this program into a pipe between sendmail and the cgi script.
[sig]<p>hnd<br><a href=mailto:hasso55@yahoo.com>hasso55@yahoo.com</a><br><a href= > </a><br> [/sig]

 

[rbobbitt]

Have you looked into your sendmail configuration? Maybe you can restrict what your users do by changing some configuration options.

From what you're saying, any of your users' CGI scripts could be calling sendmail, so the CGI script is the program being used (which could be called anything).

hnd, what are you talking about?

Regards, [sig]<p>Russ<br><a href=mailto:bobbitts@hotmail.com>bobbitts@hotmail.com</a><br><a href=

http://home.earthlink.net/~bobbitts>Bobbitt

is in</a><br>[/sig]

 

[gerald]

Well I just found that the source code for qmail is fairly readable so I dont need to make a seperate program as a wrapper I can put my code right in the sendmail executable.

Im aware that the CGI script is the program that is calling it, but what I would like to do is determine at run-time, exactly WHICH CGI script is calling it.

I know that alot of spam is being sent out with CGI scripts being run, sending out thousands of mails at a time, but there are several hundred users on each box and most of them use some type of CGI script. Im trying to find out which ones are doing the deed so I can cut them off.

Ive found out how to intercept the data that is being sent by the scripts, but not quite how to determine which script is calling it at any given time.

Any help would be great!

Thanks,
Gerald

[sig][/sig]

 

[gerald]

Ok I figured out how to do what I needed.
Theres probably a better way, but just in case anybodys interested this is what I did:

I call the ps command system( &quot;ps x -f > ./temp.ps.out&quot; )and send the output to a file. Then I search the file for a line that contains the path to the sendmail program, and read the PPID entry from that line, which is the PID of the calling program. Then I go back and search the file for a line that has that number in the PPID field, and then read the path from the path field and I got my culprit.


I just call my routines from inside of sendmail.c right before it calls the qmail-inject function to actually insert the email into the outgoing mail queue.

Regards,
Gerald
[sig][/sig]