On 10/08/2013 01:44 AM, Stan Hoeppner wrote:
> 
> Understood.  For a more permanent solution to this script problem, you
> may want to consider locking down or disabling the pickup service, and
> configuring all web applications and MUAs to use the submission service
> with auth.  This will prevent such scripts from being able to send mail
> in the event some crafty soul is able to get one uploaded via something
> other than FTP.
> 

Having mail() as the universal interface is nice while you're developing
in PHP, since there's no need to fiddle with the settings when moving
between development and production.

In case of smart hacker / stupid customer, we set,

  sendmail_path = /usr/sbin/sendmail -t -i -f postmas...@example.com

in php.ini so that any attempts at abuse generate bounces to an
administrator (postmaster@) rather than e.g. the From header of the message.

You'll need to override it in certain cases, but it's a safe default. An
additional layer of defense is to set,

  mail.log = syslog

in php.ini and then use the existing syslog notification mechanisms to
alert an admin of anything unusual. Unfortunately this fails in roughly
the same cases that the envelope sender override does: if someone is
running a massive phplist mailing list, they need their bounces (to
remove bad addresses), and I don't want to hear about every message they
send.

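The syslog alerting idea in the message above, sketched as an added example (not code from the poster): it reads the records PHP writes for each mail() call when mail.log is enabled, counts distinct recipients per script, and skips an allowlisted directory so a known bulk sender such as a phplist install does not drown the alert. The syslog prefix, paths, addresses, threshold and the name `noisy_scripts` are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# PHP logs each mail() call as "mail() on [script:line]: To: <rcpts> -- ...".
# Whatever syslog puts in front (timestamp, host, tag) is ignored.
MAIL_RE = re.compile(r"mail\(\) on \[(?P<script>.+?):(?P<line>\d+)\]: To: (?P<to>.*?) -- ")

# Constructed sample input: hostnames, paths and addresses are made up.
SAMPLE = (
    ["Oct  8 09:12:01 web1 php: mail() on [/var/www/shop/contact.php:42]: "
     "To: owner@example.com -- Headers: From: form@example.com"] * 4
    + [f"Oct  8 09:13:0{i} web1 php: mail() on [/var/www/shop/uploads/x.php:3]: "
       f"To: rcpt{i}@example.net -- Headers: From: spoof@example.org"
       for i in range(5)]
    + [f"Oct  8 09:14:0{i} web1 php: mail() on [/var/www/lists/admin/send.php:210]: "
       f"To: sub{i}@example.net -- Headers: From: news@example.com"
       for i in range(6)]
    + ["Oct  8 09:15:00 web1 sshd[811]: Accepted publickey for deploy"]
)


def noisy_scripts(lines, threshold, allow_prefixes=()):
    """Return {script: distinct recipient count} for scripts that mailed at
    least `threshold` different addresses in this batch of log lines.

    Scripts under a directory in `allow_prefixes` (hypothetical allowlist of
    known bulk senders) are skipped. A contact form that always mails the
    same owner stays at one recipient no matter how often it runs.
    """
    recipients = defaultdict(set)
    for line in lines:
        m = MAIL_RE.search(line)
        if m is None:
            continue  # not a PHP mail() record
        script = m.group("script")
        if script.startswith(tuple(allow_prefixes)):
            continue  # expected bulk mail, do not alert
        for addr in m.group("to").split(","):
            if addr.strip():
                recipients[script].add(addr.strip().lower())
    return {s: len(r) for s, r in recipients.items() if len(r) >= threshold}


if __name__ == "__main__":
    for script, n in noisy_scripts(SAMPLE, 3, ("/var/www/lists/",)).items():
        print(f"ALERT {script}: {n} distinct recipients")
```

Run it over whatever batch of lines the syslog notification mechanism hands over (for example one rotation interval), and tune the threshold per host.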