In web servers that host many websites there is always the possibility of a hacked site being abused in order to send spam mails with some kind of php mailer bot.
In my case sendmail is configured for mailing in the php.ini of each site, and I am wondering if there is a way that I can prevent this kind of problem (like aplying rules for maximum mails send from a certain domain etc.).
Dirty hacks (scripted solutions) are also welcome.
Answer
off the top of my head:
- Disable
mail()
inside ofPHP
and allow it per site. - Enforce
SMTP
authorization
and refuse non authorized users. - Handle (throttle) it on
MTA
side (postfix
,sendmail
, etc).
No comments:
Post a Comment