Quoting Arkadiusz Miskiewicz <arekm@???>:
> Mine problem is that spam is going through my server via ...
> php mail(). Unfortunately mail() in php is so bad that I can't
> even check which php script was used to send mail :\
That's there. So disabling mail in your php.ini should do the trick.
There are lots of secure mailers your users can use, if want them to have
access to form <-> email scripts.
> So I'm going to allow emails only when sender or recipient
> domain of message is local.
Which can be trivially forged, or the spammer might simply set (say)
nobody@??? as the envelope sender.
Even without that, leaving mail() around is a major nuisance.
If you do leave stuff like that around -
* Have exim on that webserver throttled
* Set up something like spamassasin to catch and trash outbound spam
[outbound spam could be php_mail, or it could be a spammer who gets an
account on your server, uploads a bulk mailer cgi / php script and a db
with several million addresses...]
--srs
--
mallet@??? (Suresh Ramasubramanian)
------------------------------------------------------------
Visit
http://www.efn.org for all your community networking needs