Re: [exim] how to block an email sent using a script in EXIM

Página Inicial
Delete this message
Reply to this message
Autor: Niels Dettenbach (Syndicat IT & Internet)
Data:  
Para: DL via Exim-users
Assunto: Re: [exim] how to block an email sent using a script in EXIM
Am 3. August 2019 09:25:29 MESZ schrieb DL via Exim-users
>2019-07-29 06:40:30 cwd=/home/nordic/public_html 4 args:
>/usr/sbin/sendmail -t -i -p125


Just btw., i would not allow any PHP / LAMP stack in a typical (especially shared) hosting-environment to use the "old" console based access to the "sendmail" emulator/binary and would primwrily force to use SMTP with SMTP-Auth instead.

This has several pros, because the attacker can't use shell escapes and can't create/form emails out of that Your SMTP "allows" and a lot of typical bugs or "spam filter problems" (false positives at recipient side) die to bogus / "crappy" declared emails could be prevented this way.

And by changing the SMTP users password, You can easily block further usage by the existing relaying / hacked script or (depending from the hack vector) a hacker need to steal the PW from the code or db to use the mailer/relay.

For the application / user: using real SMTP provides more control in case of any errors / failures as woking rate-limiting (i.e. in a typical form-mailer). From my experience, any (at least half baken) LAMP/PHP scripts / apps with "email functionality" provide the usage of real SMT today, because many hosters - for security reasons - provide only external SMTPs.

hth a bit in any way.

just my .02$,


niels.

--
Niels Dettenbach
Syndicat IT & Internet
https://www.syndicat.com