In his latest blog entry, Ilia Alshanetsky has proposed (and provided) a patch that can help with one of the more heavily abused of the popular PHP functions: mail().
One of the problems with tackling mail() abuse is figuring out who is doing it, or which script was exploited to do it, since the mail() function does not offer any logging mechanism.
To address this problem, he has supplied this patch, which you can apply to your PHP source to add two new options for the mail() function:
- enable the addition of the X-PHP-Originating-Script header
- mail.log (takes a filename) allows you to enable logging of every single mail() call