Re: [exim] Block local submission

Page principale
Supprimer ce message
Répondre à ce message
Auteur: GD
Date:  
À: exim-users
Sujet: Re: [exim] Block local submission
Interesting and quick solution :) Thanks. But what about system users
(root, cronjobs) who needs to send mail via non-authenticated mechanism?
If I block localhost will they be able to submit mails?
About webapps sending mail if they have an smtp engine, I rarely seen
code injection with built-in smtp engine able to setup itself to use
user-password credentials to login on the underlying MTA system.
About IDS, you are right, but hosted users often aren't capable to
quickly rewrite their apps to solve the bug, so I need a way to block
emails in the meantime.
Thanks for your suggestions
g


On 18/07/2015 22:17, Cyborg wrote:
> Am 17.07.2015 um 16:49 schrieb Giuliano David:
>> Can anyone point me in the right direction to achieve the same with
>> exim4?
>>
> Just remove 127.0.0.1 from the relay host. If all other connection must
> authenticate, so must webapps then.
>
> BUT:
>
> none of the existing webapps does that NOR do they know how to do so.
> They simply call 'sendmail' via the php mail() function.
>
> If they do not have a real smtp engine build in, they never will send a
> message again.
>
> And even IF they build it in, that does not stop hacks from happening
> and your problem starts all over.
>
> What you need is a IDS System to stop the hacks from happening. Much
> easier and cheaper: update the apps asap the exploit is found :) ( and
> get paied for it ;) )
>
> Marius
>
>
>