HEX
Server:
System: Linux aac286ea486c 5.14.0-687.15.1.el9_8.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Jun 11 08:51:45 EDT 2026 x86_64
User: root (0)
PHP: 8.2.30
Disabled: pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,disk_free_space,diskfreespace
$ pwd: /usr/local/bin/
Upload Files
File: //usr/local/bin/mail
#!/usr/local/bin/php -d disable_functions = show_source
<?php
if (isset($argv[1]) && $argv[1] == '-s')
{
    $args = [];
    for($i = 1; $i < count($argv); $i++)
    {
        if ($i % 2 == 0)
        {
            $args[] = escapeshellarg($argv[$i]);
        }
        else
        {
            $args[] = $argv[$i];
        }
    }
    $args = implode(' ', $args);
    $proc = popen("/usr/bin/mail $args", "w");
    while(($line = fgets(STDIN)) !== false)
    {
        fwrite($proc, $line);
    }
    $r = pclose($proc);
    exit($r);
}

// sendmail wrapper that enforces the send envelope that we want
// we are using php because the deps already exist in the chroot
$proc = popen("/usr/sbin/sendmail -t --read-envelope-from", "w");

if (file_exists('/email_debug'))
    define('DEBUG', true);
else
    define('DEBUG', false);

if (file_exists('/email_disable'))
{
    if (DEBUG)
    {
        $log = fopen("/tmp/email.log", "a");
        fwrite($log, "\n\n############\n");
        while(($line = fgets(STDIN)) !== false)
        {
            fwrite($log, $line);
        }
        fclose($log);
    }
    exit(0);
}

if (DEBUG)
    $log = fopen("/tmp/email.log", "w");

$from = false;
$defaultFrom = "From: Wordpress <no-reply@pressemail.com>\n";
$inheaders = true;
$phpscript = false;
$headers = array();

while(($line = fgets(STDIN)) !== false)
{
        if ($inheaders && !$phpscript && preg_match('/^X-PHP-Originating-Script:/i', $line))
        {
            $phpscript = trim(substr($line, strpos($line, ':')+1));
        }

        if (!$from && preg_match('/^from:/i', $line))
        {
                $from = true;
        }
        elseif (!$from && rtrim($line) == '')
        {
                $from = true;
        }

        if ($inheaders && rtrim($line) == '')
        {
            if (!$from)
                l_fwrite($proc, $defaultFrom);

            // add domain id if we know if
            $path = glob('/dom*');
            $host = null;
            if (file_exists('/etc/host-hostname')) {
                $host = trim(file_get_contents('/etc/host-hostname'));
                if (strlen($host) === 0) {
                    $host = null;
                }
            }
            if ($host === null) {
                $host = getHostName();
            }
            $ip = getHostByName($host);
            $host = str_replace('.pagelydev.com','', $host);
            if ($ip)
                l_fwrite($proc, "X-Forwarded-For: $ip\n");
            $domain = 'system';
            if (count($path) > 0 && preg_match('/dom([0-9]+)/', $path[0], $match))
            {
                $domain = $match[1];
            }
            l_fwrite($proc, "X-AuthUser: $host.$domain.$phpscript\n");

            $inheaders = false;
        }

	// amazon doesn't like duplicate headers, sigh
	if ($inheaders)
	{
		if (preg_match('/^([^:]+)/', $line, $match))
		{
			if (isset($headers[$match[1]]))
				continue;

			$headers[$match[1]] = true;
		}
	}

        l_fwrite($proc, $line);
}

function l_fwrite($fp, $line)
{
    global $log;
    fwrite($fp, $line);
    if (DEBUG)
        fwrite($log, $line);

   echo $line;
}

if (DEBUG)
    fclose($log);
fclose($proc);
@ Telegram