How to Identify the Active MTA (Mail Transfer Agent) on Ubuntu Server When PHP mail() Function Works Without Apparent SMTP Configuration



When PHP's mail() function works but standard mail logging and detection methods fail, you're likely dealing with one of these scenarios:

1. A minimalist MTA like ssmtp or nullmailer
2. Postfix running in a limited configuration
3. Direct SMTP socket delivery
4. Cron-configured mail forwarding

Run these diagnostic commands as root:

# Check running processes
ps aux | grep -E 'sendmail|postfix|exim|qmail'

# Verify installed packages
dpkg -l | grep -E 'mail-transport-agent|sendmail|postfix|exim|ssmtp'

# Inspect PHP configuration
php -i | grep sendmail_path

# Check system mail queue
mailq 2>&1

For a proper strace analysis (must run as root):

strace -f -e trace=execve,network -o mail_trace.log php mail-testing-strace.php

Key things to look for in the output:

- /usr/sbin/sendmail invocations
- Network connections to SMTP ports
- UNIX socket communications
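
The three indicators above can be pulled out of mail_trace.log mechanically. The following is an added example, not part of the original page; the function names summarize_mail_trace and sample_trace and the embedded trace lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise a `strace -f -o` log for mail-delivery evidence.

# summarize_mail_trace [FILE]   (reads stdin when FILE is omitted)
# Prints one line per distinct finding:
#   EXEC <binary>       program started with execve()
#   SMTP <addr>:<port>  connect() to TCP port 25, 465 or 587 (IPv4 or IPv6)
#   UNIX <socket path>  connect() to a UNIX-domain socket
summarize_mail_trace() {
    awk '
    / = -1 ENOENT/ { next }          # skip attempts on paths that do not exist
    { split($0, q, "\"") }           # q[2] = first quoted string on the line
    /(^| )execve\(/ { print "EXEC " q[2] }
    /(^| )connect\(/ && /AF_(UNIX|FILE|LOCAL)/ { print "UNIX " q[2] }
    /(^| )connect\(/ && /sin6?_port=htons\((25|465|587)\)/ {
        port = $0
        sub(/.*htons\(/, "", port)   # keep what follows "htons("
        sub(/\).*/, "", port)        # cut at the closing parenthesis
        print "SMTP " q[2] ":" port
    }' "$@" | LC_ALL=C sort -u
}

# Constructed sample of what `strace -f -e trace=execve,network -o ...` records
# when sendmail_path points at a relay-only sendmail replacement.
sample_trace() {
    cat <<'EOF'
4101 execve("/usr/bin/php", ["php", "mail-testing-strace.php"], [/* 18 vars */]) = 0
4102 execve("/bin/sh", ["sh", "-c", "/usr/sbin/sendmail -t -i"], [/* 18 vars */]) = 0
4103 execve("/usr/sbin/sendmail", ["/usr/sbin/sendmail", "-t", "-i"], [/* 18 vars */]) = 0
4103 connect(3, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
4103 connect(3, {sa_family=AF_UNIX, sun_path="/dev/log"}, 110) = 0
4103 connect(5, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.53")}, 16) = 0
4103 connect(4, {sa_family=AF_INET, sin_port=htons(587), sin_addr=inet_addr("192.0.2.25")}, 16) = 0
EOF
}

sample_trace | summarize_mail_trace
```

An SMTP line with a remote address and no long-running MTA process points to a relay-only agent such as ssmtp or nullmailer; a UNIX line under a mail spool directory points to a local queueing MTA.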

Create this PHP test script for deeper inspection:

<?php
// Extended MTA detection script
$mail_config = [
    'sendmail_path' => ini_get('sendmail_path'),
    'mail.add_x_header' => ini_get('mail.add_x_header'),
    'mail.log' => ini_get('mail.log')
];

// Test actual delivery
$headers = "X-Diagnostic: MTA-Test";
mail('user@example.com', 'MTA Detection Test', 'Test Body', $headers);

// Output configuration
print_r($mail_config);
?>

Check these additional log locations when /var/log/mail.log is empty:

/var/log/syslog
/var/log/daemon.log
/var/log/php_errors.log
/var/log/auth.log
~/.php_history

On Ubuntu Server 12.04, the mail setup is often hidden in one of these easy-to-overlook locations:

# Minimal ssmtp setup
/etc/ssmtp/ssmtp.conf
/etc/ssmtp/revaliases

# PHP ini overrides
/etc/php5/conf.d/mail.ini

# Nullmailer configuration
/etc/nullmailer/

When working with Ubuntu servers, it's common to encounter situations where emails are being sent without any obvious MTA (Mail Transfer Agent) installation. The PHP mail() function doesn't actually send emails itself - it relies on the server's configured MTA.

Start with these basic checks to identify the mail system:


# Check running mail processes
ps aux | grep -E 'sendmail|postfix|exim|qmail'

# Verify installed mail packages
dpkg --get-selections | grep -E 'sendmail|postfix|exim|qmail'

# Alternative package check
apt list --installed | grep -E 'sendmail|postfix|exim|qmail'

When basic checks don't reveal the MTA, try these deeper inspection methods:


# Check system mail queue
mailq

# Examine PHP configuration
php -i | grep -A 10 'mail'

# Verify which binary is handling mail
ls -l /usr/sbin/sendmail
ls -l /usr/lib/sendmail

The original attempt with strace had permission issues. Here's the correct approach:


# First create a test PHP file
echo '<?php mail("test@example.com","Test","Message"); ?>' > mailtest.php

# Then run strace properly
strace -f -o mailtrace.log php mailtest.php

# Analyze the output
grep 'exec' mailtrace.log
grep 'mail' mailtrace.log

Another effective method is using lsof to see which processes hold connections on the SMTP ports:


# Run this while executing your mail script
lsof -i :25
lsof -i :587
lsof -i :465

Examine these key configuration files for mail setup clues:


# Check mail configuration
cat /etc/mail.rc
cat /etc/email-addresses

# PHP configuration
grep sendmail_path /etc/php5/apache2/php.ini
grep sendmail_path /etc/php5/cli/php.ini

Some systems use minimal mail forwarders like ssmtp or nullmailer. Check for these:


# Check for minimal MTAs
which ssmtp
which nullmailer-send

# Examine configuration
cat /etc/ssmtp/ssmtp.conf
cat /etc/nullmailer/remotes

Sometimes emails are being forwarded to another server:


# Check SMTP relay settings
grep relayhost /etc/postfix/main.cf
grep dc_smarthost /etc/exim4/update-exim4.conf.conf

# Network connections (capture on all interfaces so traffic relayed off the host is visible, not only loopback)
tcpdump -i any -n port 25

Understanding how PHP's mail function works helps in troubleshooting:


<?php
// Debugging mail configuration
print_r(ini_get("sendmail_path"));
?>