Author: Cyborg Date: To: exim-users Subject: Re: [exim] Block local submission
Am 17.07.2015 um 16:49 schrieb Giuliano David: >
> Can anyone point me in the right direction to achieve the same with
> exim4?
>
Just remove 127.0.0.1 from the relay host. If all other connection must
authenticate, so must webapps then.
BUT:
none of the existing webapps does that NOR do they know how to do so.
They simply call 'sendmail' via the php mail() function.
If they do not have a real smtp engine build in, they never will send a
message again.
And even IF they build it in, that does not stop hacks from happening
and your problem starts all over.
What you need is a IDS System to stop the hacks from happening. Much
easier and cheaper: update the apps asap the exploit is found :) ( and
get paied for it ;) )