Re: [Exim] blackhole router for http user

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Suresh Ramasubramanian
Datum:  
To: Arkadiusz Miskiewicz
CC: exim-users
Betreff: Re: [Exim] blackhole router for http user
Quoting Arkadiusz Miskiewicz <arekm@???>:

> Mine problem is that spam is going through my server via ...
> php mail(). Unfortunately mail() in php is so bad that I can't
> even check which php script was used to send mail :\


That's there. So disabling mail in your php.ini should do the trick.

There are lots of secure mailers your users can use, if want them to have
access to form <-> email scripts.

> So I'm going to allow emails only when sender or recipient
> domain of message is local.


Which can be trivially forged, or the spammer might simply set (say)
nobody@??? as the envelope sender.

Even without that, leaving mail() around is a major nuisance.

If you do leave stuff like that around -

* Have exim on that webserver throttled
* Set up something like spamassasin to catch and trash outbound spam

[outbound spam could be php_mail, or it could be a spammer who gets an
account on your server, uploads a bulk mailer cgi / php script and a db
with several million addresses...]

--srs

--
mallet@??? (Suresh Ramasubramanian)

------------------------------------------------------------
Visit http://www.efn.org for all your community networking needs