On Sat, Aug 03, 2019 at 09:25:29AM +0200, DL via Exim-users wrote:
> Sometimes one of these accounts using a CMS gets hacked, and the hacker is
> able to send out spam email using a CMS PHP vulnerability.
> When it happens I see hundreds of rows like this below in the EXIM log:
>
> 2019-07-29 06:40:30 cwd=/home/nordic/public_html 4 args: /usr/sbin/sendmail
> -t -i -p125
>
> My question is, may I temporarily configure exim.conf to block any email sent
> from:
>
> /home/nordic/public_html

As /usr/sbin/sendmail is usually a symlink to Exim, you can substitute it
with a wrapper script, i.e. something like:

------------------------------------------------------------------------
#!/bin/sh
# Discard mail submitted from the compromised site's directory;
# hand everything else to the real Exim binary.
case "`pwd`" in
  /home/nordic/public_html ) cat - > /dev/null ; exit ;;
esac
exec /usr/sbin/exim "$@"
------------------------------------------------------------------------

Put any desired logic here. But note that this approach does not protect
against direct invocation of Exim; forcing SMTP+AUTH might be better.
--
 Eugene Berdnikov
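
An expanded form of the wrapper above, as an added example that is not part of the original message: it also matches working directories below the blocked tree, resolves the directory with pwd -P so a symlinked path does not bypass the match, and logs each dropped submission. The second blocklist entry, the logger tag and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: sendmail wrapper that drops mail submitted from blocked
# directory trees. Install in place of the /usr/sbin/sendmail symlink.

EXIM_BIN=/usr/sbin/exim

# Space-separated list; each entry also covers everything below it.
# Entries must not contain whitespace or glob characters.
# The second entry is a constructed placeholder.
BLOCKED_DIRS="/home/nordic/public_html /home/example2/public_html"

# Return 0 if directory $1 is a blocked directory or lies beneath one.
is_blocked_dir() {
    dir=${1%/}
    for blocked in $BLOCKED_DIRS; do
        case "$dir/" in
            # Trailing slash on both sides keeps public_html_old from matching.
            "${blocked%/}"/*) return 0 ;;
        esac
    done
    return 1
}

main() {
    # -P gives the physical path, ignoring an inherited $PWD and symlinks.
    cwd=$(pwd -P)
    if is_blocked_dir "$cwd"; then
        # Leave a trace for incident handling, then swallow the message
        # and report success to the caller.
        logger -t sendmail-wrapper -p mail.warning \
            "dropped submission cwd=$cwd uid=$(id -u)"
        cat > /dev/null
        exit 0
    fi
    exec "$EXIM_BIN" "$@"
}

# Run only when invoked under the name sendmail, so the functions can be
# sourced and checked without handing anything to Exim.
case "${0##*/}" in
    sendmail) main "$@" ;;
esac
```

As the reply notes, this only covers callers that go through /usr/sbin/sendmail; a process that runs the Exim binary directly is not affected by it.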
