Am 08.10.2013 11:32, schrieb Manuel Bieling:
> On 2013.10.08 09:16:11 +0200, li...@rhsoft.net wrote:
>> i never allowed any webserver in the past 10 years to
>> use the sendmail binary for a lot of reasons like header
>> injections and so on
>
> Good, but possibly would not have helped. For me it looks obvious like
> 'Stealrat' which opens a socket too.
postfix does not need to relay without authentication even on 127.0.0.1
> I never used PHP in the past 10
> years would be more convincing. However, I agree using a mail relay and
> mail storage on one maschine with a webserver is too much.
>
> if(@mail($recipient, $subject, $message, $reply . $type, "-f$sender"))
> die(chr(79) . chr(75) . md5(1234567890) . "+0");
>
> [...]
>
> if(!in_array('fsockopen', $config))
> $socket = @fsockopen($address, 25, $errno, $errstr, 20);
> elseif(!in_array('pfsockopen', $config))
> $socket = @pfsockopen($address, 25, $errno, $errstr, 20);
>
> [...]
disable_functions = "exec, passthru, shell_exec, system, proc_open, proc_close,
proc_nice, proc_terminate,
proc_get_status, pcntl_exec, apache_child_terminate, posix_kill, posix_mkfifo,
posix_setpgid, posix_setsid,
posix_setuid, mail, symlink, link, dl, get_current_user, getmypid, getmyuid,
getrusage, fsockopen, pfsockopen,
socket_accept, socket_bind, openlog, syslog"
