Prevent abuse of sendmail for spam

Question

In web servers that host many websites there is always the possibility of a hacked site being abused in order to send spam mails with some kind of php mailer bot.

In my case sendmail is configured for mailing in the php.ini of each site, and I am wondering if there is a way that I can prevent this kind of problem (like aplying rules for maximum mails send from a certain domain etc.).

Dirty hacks (scripted solutions) are also welcome.

score 1 · Accepted Answer · answered Jul 10 '14 at 20:38

1

off the top of my head:

Disable mail() inside of PHP and allow it per site.
Enforce SMTP authorization and refuse non authorized users.
Handle (throttle) it on MTA side (postfix, sendmail, etc).

answered Jul 10 '14 at 20:38

alexus

13,112
32
117
174

Disabling the command seems like an unfair thing to do. There are many websites that send out mails using contact forms etc. – Metalmini Jul 11 '14 at 08:24

score 0 · Answer 2 · edited May 23 '17 at 12:41

0

After a quick google i found this on Stackoverflow.

https://stackoverflow.com/questions/226699/how-to-monitor-postfix-mta-status

There is a script on the second answer. That might help you out. This way no interference on functionality and you will be kept in the loop is there is something wrong.

edited May 23 '17 at 12:41

Community

1

answered Jul 11 '14 at 08:28

Metalmini

109
1
4

Prevent abuse of sendmail for spam

2 Answers2