Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

php mail() sending emails not related with domain

Discussion in 'E-mail Discussion' started by morb, Mar 22, 2011.

  1. morb

    morb Registered

    Joined:
    Mar 22, 2011
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    51
    Hi, I had a user acount with php code injected (trought joomla).
    The code is a form to send email thought mail(), i found it sending email from a non existent domain in my server. It had as FROM system@somebank.com, how can I stop this ? Block php from sending emails from non existent domains or from sending emails not related with the domain is being executed.

    sendmail_path = "/usr/sbin/sendmail -t -i -f webmaster@{DMN_NAME}" ??? how to do this ?
     
    #1 morb, Mar 22, 2011
  2. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,608
    Likes Received:
    32
    Trophy Points:
    238
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    You can remove sendmail and only allow SMTP authentication from PHP scripts. sendmail doesn't have the capabilities of exim for configuration and it's neigh impossible to prevent spoofing and spamming using it. Joomla specifically has the option to use SMTP authentication to send emails in the configuration settings.

    Yes, some users would have to modify their scripts who have not set them to use SMTP authentication if sendmail is no longer on the system, but that's the price to pay for increased security.

    Now, if you do enable SMTP authentication only and want to prevent spoofing using it, you can put the following ACL into the exim configuration:

    Code:
    acl_check_data:
deny
 authenticated	 = *
 condition = ${if or {{ !eqi{$authenticated_id} {$sender_address} }\
  { !eqi{$authenticated_id} {${address:$header_From:}} }\
 }\
 }
 message	 = Your FROM must be as the account you have authenticated with, your email is not delivered.
    This would go into the box where it has begin acl directly about it (the second box in the WHM > Exim Configuration > Advanced Editor area) and should prevent spoofing via webmail and anyone authenticating with SMTP.

    I actually mention the above rule along with some other tips to help with tracking spammers in this forum post:

    http://forums.cpanel.net/f43/open-relay-170798-p2.html#post777302
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 cPanelTristan, Mar 23, 2011
(You must log in or sign up to post here.)
Loading...
Similar Threads - mail() sending emails
  1. Pete Downes

    Configure return path/sender in PHP mail() scripts?

    Pete Downes, May 3, 2018, in forum: E-mail Discussion
    Replies:
    1
    Views:
    180
    cPanelLauren
    May 3, 2018
  2. postcd

    SOLVED How to prevent all cPanel PHP mail() to be sent from server hostname?

    postcd, Mar 18, 2018, in forum: E-mail Discussion
    Replies:
    7
    Views:
    853
    cPanelMichael
    Mar 19, 2018
  3. dakanadaka

    email sent with php mail() function, it arrives around 12 hours later?

    dakanadaka, Feb 21, 2018, in forum: E-mail Discussion
    Replies:
    1
    Views:
    261
    cPanelMichael
    Feb 21, 2018
  4. Irfan Arfiandi

    Unable to send email using PHP mail().

    Irfan Arfiandi, Dec 10, 2017, in forum: E-mail Discussion
    Replies:
    2
    Views:
    883
    cPanelMichael
    Dec 11, 2017
  5. jmartinmds

    WordPress mail() FROM address

    jmartinmds, Jul 27, 2017, in forum: E-mail Discussion
    Replies:
    1
    Views:
    604
    cPanelMichael
    Jul 28, 2017

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice