On Wed, 4 Jan 2023 at 00:52, Hébergement Arbre Binaire <hebergem...@arbrebinaire.com> wrote:
>
> I really appreciate your (very) thorough answer. I'll use it to search for a
> solution or devise a homemade one.
>
> The problem I'm describing affects so many web hosts... I'm surprised that
> this security problem has not been circumvented in any reliable way. I
> understand Postfix cannot fix alone the security issues of a web host, but a
> sensible sending default rate of let's say 500 mails/hour would solve a lot
> of common abuse situations without affecting normal traffic.

Specifically for PHP, I wrote my "php-secure-sendmail" script many years ago. It is configured in PHP via the "sendmail_path" setting, separately for each domain's website. The domain is passed as the first parameter. The script tracks sent emails (per website domain) in a MySQL database and, if not over the limit, just passes the data to the actual sendmail binary. If over the limit, it returns an error, and so does PHP's mail() function.

Here is the link: https://www.marki-online.net/php-secure-sendmail/

I still use it and was modifying it to run under recent Debian/Python versions, but didn't update it on the webpage, so if someone wants to try it out, let me know.

It works fine for normal "botnet/hacked script" overuse. To be bulletproof, you must firewall port 25 from PHP users and also probably somehow disable the actual sendmail binary (but that is in case of some person really trying to overcome this solution).

I have similar limits for SASL-authenticated emails, but in this case I just put the messages into the Postfix HOLD queue for manual inspection. It has saved us from being on blacklists every time some customer's email password is stolen by a virus and abused.

--
bye,
Marki
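
The wrapper approach described in the message above, as an added example that is not the php-secure-sendmail script itself: a sendmail_path wrapper that takes the site's domain as its first argument, counts sends per domain, and only hands the message to the real sendmail while the domain is under its limit. It assumes SQLite in place of MySQL, a hypothetical database path and sendmail location, and the 500 mails/hour figure from the quoted message.

```python
#!/usr/bin/env python3
"""Per-domain rate-limiting wrapper for PHP's sendmail_path (added example)."""
import sqlite3
import subprocess
import sys
import time

SENDMAIL = ["/usr/sbin/sendmail", "-t", "-i"]  # assumed path to the real binary
DB_PATH = "/var/lib/mail-limit/sent.db"        # hypothetical counter database
LIMIT = 500    # messages allowed per window (figure from the quoted message)
WINDOW = 3600  # window length in seconds


def open_db(path):
    db = sqlite3.connect(path, timeout=10, isolation_level=None)
    db.execute("CREATE TABLE IF NOT EXISTS sent (domain TEXT, ts REAL)")
    return db


def allow(db, domain, now=None, limit=LIMIT, window=WINDOW):
    """Record one send for domain; return True if it is within the limit."""
    now = time.time() if now is None else now
    db.execute("BEGIN IMMEDIATE")  # serialize concurrent PHP workers
    try:
        db.execute("DELETE FROM sent WHERE ts <= ?", (now - window,))
        (count,) = db.execute(
            "SELECT COUNT(*) FROM sent WHERE domain = ?", (domain,)).fetchone()
        ok = count < limit
        if ok:
            db.execute("INSERT INTO sent VALUES (?, ?)", (domain, now))
        db.execute("COMMIT")
        return ok
    except Exception:
        db.execute("ROLLBACK")
        raise


def main(argv):
    if len(argv) < 2:
        return 64  # EX_USAGE: the domain argument is mandatory
    data = sys.stdin.buffer.read()  # drain the pipe before deciding
    if not allow(open_db(DB_PATH), argv[1].lower()):
        print(f"mail limit exceeded for {argv[1]}", file=sys.stderr)
        return 75  # EX_TEMPFAIL: non-zero exit makes PHP mail() return false
    return subprocess.run(SENDMAIL, input=data).returncode


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

As the message notes, a wrapper like this only covers mail sent through sendmail_path; direct SMTP from PHP users still has to be blocked at the firewall.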