On 08.10.2013 11:32, Manuel Bieling wrote:
> On 2013.10.08 09:16:11 +0200, li...@rhsoft.net wrote:
>> i never allowed any webserver in the past 10 years to
>> use the sendmail binary for a lot of reasons like header
>> injections and so on
>
> Good, but possibly would not have helped. For me it looks obvious like
> 'Stealrat' which opens a socket too.

postfix does not need to relay without authentication even on 127.0.0.1

> I never used PHP in the past 10
> years would be more convincing. However, I agree using a mail relay and
> mail storage on one machine with a webserver is too much.
>
> if(@mail($recipient, $subject, $message, $reply . $type, "-f$sender"))
>     die(chr(79) . chr(75) . md5(1234567890) . "+0");
>
> [...]
>
> if(!in_array('fsockopen', $config))
>     $socket = @fsockopen($address, 25, $errno, $errstr, 20);
> elseif(!in_array('pfsockopen', $config))
>     $socket = @pfsockopen($address, 25, $errno, $errstr, 20);
>
> [...]

disable_functions = "exec, passthru, shell_exec, system, proc_open, proc_close, proc_nice, proc_terminate, proc_get_status, pcntl_exec, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, mail, symlink, link, dl, get_current_user, getmypid, getmyuid, getrusage, fsockopen, pfsockopen, socket_accept, socket_bind, openlog, syslog"
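
An added example, not part of the thread: a Python audit that parses a disable_functions directive and lists the ways a PHP script could still send mail by itself. It covers more than the three functions named in the quoted code; the MAIL_PATHS table and the names parse_disable_functions and open_mail_paths are this example's own.

```python
import re

# Each path by which a PHP script can emit mail on its own, and the functions
# that path needs. Disabling any one function of a path closes it.
# mail, fsockopen and pfsockopen are the ones named in the thread; the other
# entries are standard PHP functions with the same capability (added here).
MAIL_PATHS = {
    "sendmail binary via mail()": ("mail",),
    "sendmail binary via mb_send_mail()": ("mb_send_mail",),
    "TCP via fsockopen()": ("fsockopen",),
    "TCP via pfsockopen()": ("pfsockopen",),
    "TCP via stream_socket_client()": ("stream_socket_client",),
    "TCP via sockets extension": ("socket_create", "socket_connect"),
}

DIRECTIVE = re.compile(r"^\s*disable_functions\s*=(.*)$", re.IGNORECASE)


def parse_disable_functions(ini_text):
    """Return the set of function names disabled by php.ini text."""
    value = ""
    for line in ini_text.splitlines():
        match = DIRECTIVE.match(line)  # lines starting with ';' never match
        if match:
            value = match.group(1)     # assumed: a later directive overrides
    value = value.split(";", 1)[0].strip().strip("\"'")  # drop trailing comment
    return {name.lower() for name in re.split(r"[,\s]+", value) if name}


def open_mail_paths(ini_text):
    """List the mail paths that disable_functions leaves open."""
    disabled = parse_disable_functions(ini_text)
    return [path for path, needs in MAIL_PATHS.items()
            if not disabled.intersection(needs)]


# The directive exactly as posted in the message above.
THREAD_INI = (
    'disable_functions = "exec, passthru, shell_exec, system, proc_open, '
    'proc_close, proc_nice, proc_terminate, proc_get_status, pcntl_exec, '
    'apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, '
    'posix_setsid, posix_setuid, mail, symlink, link, dl, get_current_user, '
    'getmypid, getmyuid, getrusage, fsockopen, pfsockopen, socket_accept, '
    'socket_bind, openlog, syslog"'
)

if __name__ == "__main__":
    for path in open_mail_paths(THREAD_INI):
        print("still open:", path)
```

The audit reads only the ini text, so a path is reported open even when the extension that provides it is not loaded.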