Interesting and quick solution :) Thanks. But what about system users (root, cronjobs) who need to send mail via a non-authenticated mechanism? If I block localhost, will they be able to submit mails? About webapps sending mail if they have an SMTP engine: I have rarely seen code injection with a built-in SMTP engine able to set itself up to use user-password credentials to log in on the underlying MTA system. About IDS, you are right, but hosted users often aren't capable of quickly rewriting their apps to solve the bug, so I need a way to block emails in the meantime.
Thanks for your suggestions
g

On 18/07/2015 22:17, Cyborg wrote:
On 17.07.2015 at 16:49, Giuliano David wrote:
Can anyone point me in the right direction to achieve the same with
exim4?

Just remove 127.0.0.1 from the relay host. If all other connections must
authenticate, so must webapps then.

BUT:

none of the existing webapps does that NOR do they know how to do so.
They simply call 'sendmail' via the php mail() function.

If they do not have a real smtp engine built in, they never will send a
message again.

And even IF they build it in, that does not stop hacks from happening
and your problem starts all over.

What you need is an IDS system to stop the hacks from happening. Much
easier and cheaper: update the apps as soon as the exploit is found :) ( and
get paid for it ;) )

Marius





--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
