Auteur: W B Hacker Date: À: exim users Sujet: Re: [exim] php/script to control exim?
Lars Nielsen wrote: > Hi List,
>
> I am developing a php-based webservice with which i want to control and
> manage exim from a web-gui.
>
> What is the best and most secure way to control Exim from a php-script?
> Some issue can be configured via a database but i still need to call the
> exim executable some times!?
>
>
Lars,
Perhaps it is just time-zones and weekend priorities, but the lack of a
response so far just might indicate a reluctance to help you implement
what has to be akin to an attempt to walk on water .. and failing, have
coded the electronic equivalent of a suicide-kit, 'abuseability' wise.
php is a grand tool for coding nice web pages rapidly.
Securing it and preventing a web app being suborned is NOT so fast and
easy, adn more than a few MTA have suffered becasue of that.
'More better' if you must go that route to use the oldest and best
tested and debugged off-the shelf F/LOSS php critter you can find.
Its devel team and user community will at least already have the scars
and wisdom gained from TRYING to secure it. And more than a few times.
Easier to then customize look and feel than reinvent that entire
wheel... a decidedly 'non-trivial' exercise.
And one not really within Exim's purview...
Anything that can invoke the binary ... can invoke the binary.
Best Exim can do thereafter is try to filter and ratelimit.
You'll need an acl_not_smtp critter to do some of that...