The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Preventing sendmail

Discussion in 'E-mail Discussions' started by ssambhi, Oct 30, 2014.

  1. ssambhi

    ssambhi Member

    Joined:
    Oct 30, 2014
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi all,
    I'm trying to prevent PHP scripts from being able to send unauthenticated email through my server. I've read to change the following:

    Tweak Settings:
    Prevent “nobody” from sending mail [?] [ON]

    However, when installing this test PHP file (see below, replaced email addresses with XXX), the email is still being sent. Any ideas?

    Code:
    
    <?php
       $to = "XXXXX@gmail.com";
       $subject = "This is subject";
       $message = "This is simple text message.";
       $header = "From:XXX@XXX.com \r\n";
       $retval = mail ($to,$subject,$message,$header);
       if( $retval == true )  
       {
          echo "Message sent successfully...";
       }
       else
       {
          echo "Message could not be sent...";
       }
    ?>
    
    Thanks in advance.

    - - - Updated - - -

    Also worth noting I have set up a limit of 25 emails per domain, but i can send as many messages as i want through this script.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    For PHP scripts, you could add "mail" to the disable_functions line in your PHP configuration file. The following document may also be helpful:

    How To Prevent Email Abuse

    Thank you.
     
  3. ssambhi

    ssambhi Member

    Joined:
    Oct 30, 2014
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Thanks. Where is the php.ini file that is used by the whole server? Or does this php.ini file need to be uploaded to each cpanel folder? Sorry, not an expert in this area.

    Thanks in advance.
     
  4. 24x7server

    24x7server Well-Known Member

    Joined:
    Apr 17, 2013
    Messages:
    1,146
    Likes Received:
    34
    Trophy Points:
    48
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Hello,

    If you want to disable this php mail function for all user than you will have to update your server php.ini (/usr/local/lib/php.ini)
     
  5. malioml

    malioml Registered

    Joined:
    Oct 31, 2014
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hello,

    In cpanel u can modify php.ini by searching "PHP Configuration Editor".

    i have the same question and cPanelMichael´s answer is uncompleted because if u disable mail() function in php.ini, u can still send unauthenticated mail through phpmailer setting $mail->SMTPAuth = false;

    Also, i have perl files that use sendmail unauthenticated and i could send with mail() disabled.

    thanks and sorry for my english.
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  7. ssambhi

    ssambhi Member

    Joined:
    Oct 30, 2014
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    OK, so I have set up limits in both "Tweak Settings" and "Packages" and "List Accounts" limiting each account to 20 emails per domain. However, a rogue script is able to send email (it's a PHP script on the server). I have also tested my own script on my personal account, and it's also able to send as many emails as it wants through PHP. How do I limit PHP? See attached sample, it's the cPanel or root account in every case that's getting around the limits. HELP!

    scr1.jpg
     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  9. ssambhi

    ssambhi Member

    Joined:
    Oct 30, 2014
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I can't do that because then my Drupal websites are unable to send email. I've tried a few variations of entries into php.ini and all of them cripple Drupal, even if configure to use SMTP.

    I don't understand why cPanel's setting of the Limit emails per domain per hour have no effect on email sent by PHPmail. Where is the setting to reduce that hourly send limit?
     
  10. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    What PHP handler are you using?

    Thank you.
     
  11. ssambhi

    ssambhi Member

    Joined:
    Oct 30, 2014
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    IT's set to use suPHP
     
  12. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Feel free to open a support ticket so we can take a closer look if the mail limiting feature is not working. You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
Loading...

Share This Page