Am 3. August 2019 09:25:29 MESZ schrieb DL via Exim-users
>2019-07-29 06:40:30 cwd=/home/nordic/public_html 4 args:
>/usr/sbin/sendmail -t -i -p125
Just btw., i would not allow any PHP / LAMP stack in a typical (especially shared) hosting-environment to use the "old" console based access to the "sendmail" emulator/binary and would primwrily force to use SMTP with SMTP-Auth instead.
This has several pros, because the attacker can't use shell escapes and can't create/form emails out of that Your SMTP "allows" and a lot of typical bugs or "spam filter problems" (false positives at recipient side) die to bogus / "crappy" declared emails could be prevented this way.
And by changing the SMTP users password, You can easily block further usage by the existing relaying / hacked script or (depending from the hack vector) a hacker need to steal the PW from the code or db to use the mailer/relay.
For the application / user: using real SMTP provides more control in case of any errors / failures as woking rate-limiting (i.e. in a typical form-mailer). From my experience, any (at least half baken) LAMP/PHP scripts / apps with "email functionality" provide the usage of real SMT today, because many hosters - for security reasons - provide only external SMTPs.
hth a bit in any way.
just my .02$,
niels.
--
Niels Dettenbach
Syndicat IT & Internet
https://www.syndicat.com