Uwe Dippel wrote:
> Matthew Weigel <unique <at> idempot.net> writes:
>
>> Then you have grown your userbase too fast with a terrible setup, and now
>> you're caught in the middle of fixing the problem or avoiding downtime.
>
> Are you sure this is not a misunderstanding? When you host user accounts, on a
> tight, default, setup of OpenBSD (or any other OS), and allow them to ftp into
> their web-directories, how could one prevent them from uploading code that
> mail()-s something? Aside of removing mini_sendmail, that is.

Yes, that.

>> Sure, if you go through and find every line of code where mail() is called,
>> you can add logging at that point. But so far you've refused to make any
>> changes to the applications.
>
> Are you sure that this is not a misunderstanding? Which sysadmin can 'make
> changes to the applications' that his 200+ users run??

My point is that it's not much of an option. Logging how mail() was called requires you to go in and log each time mail() is called. PHP won't do it, Apache won't do it. So mail() is a terrible option.

>> His idea is the right one. Most PHP applications I've dealt with support, at
>> least through plugins or extensions, SMTP + AUTH for sending mail instead of
>> PHP's mail().
>
> Are you sure that this is not a misunderstanding? If you host, for example, any
> CMS, it should have the functionality to the remote user, registered with that
> CMS, to request a password reset. Which SMTP+AUTH do you want to use here??

Huh? I'm talking about the CMS itself authenticating to the SMTP server, and giving each application a single set of credentials. This should be set in the CMS's config files, much like database credentials. In fact, pretty much EXACTLY like database credentials, in that (presumably) you've configured each web application to have its own credentials with privileges specific to that one application (e.g., what databases it can access).

Here's an example: I run a discussion board. All email notifications coming out of the board come from a particular email address; let's call it "[email protected]". Then I configure that board's software to connect to my SMTP server to send mail, and it has to authenticate as "[email protected]" to send any mail.

Now, if my server starts sending out spam, I can check the logs and see if the spam is coming from the user "[email protected]" to verify that the particular board software I'm using is the compromised software or not.

--
Matthew Weigel
hacker
unique & idempot . ent
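The log check described in the message above, as an added example that is not part of the original post: it attributes outgoing recipients to the SMTP AUTH login that submitted each message. It assumes Postfix-style syslog lines (the thread names no mail server); the sample log is constructed with placeholder accounts, and `recipients_per_identity` and `suspects` are hypothetical names.

```python
import re
from collections import Counter

# Constructed sample lines in Postfix syslog style; accounts are placeholders.
SAMPLE_LOG = """\
Jan 10 03:00:01 mx postfix/smtpd[411]: A1B2C3D: client=localhost[127.0.0.1], sasl_method=PLAIN, sasl_username=board@example.org
Jan 10 03:00:01 mx postfix/qmgr[120]: A1B2C3D: from=<board@example.org>, size=912, nrcpt=1 (queue active)
Jan 10 03:00:07 mx postfix/smtpd[412]: B2C3D4E: client=localhost[127.0.0.1], sasl_method=PLAIN, sasl_username=shop@example.org
Jan 10 03:00:07 mx postfix/qmgr[120]: B2C3D4E: from=<offers@example.net>, size=2048, nrcpt=40 (queue active)
Jan 10 03:00:09 mx postfix/smtpd[413]: C3D4E5F: client=localhost[127.0.0.1], sasl_method=PLAIN, sasl_username=shop@example.org
Jan 10 03:00:09 mx postfix/qmgr[120]: C3D4E5F: from=<offers@example.net>, size=2051, nrcpt=45 (queue active)
Jan 10 03:00:12 mx postfix/smtpd[414]: D4E5F6A: client=localhost[127.0.0.1]
Jan 10 03:00:12 mx postfix/qmgr[120]: D4E5F6A: from=<www@example.org>, size=700, nrcpt=3 (queue active)
"""

QID = r"(?P<qid>[0-9A-F]{6,})"
SMTPD = re.compile(r"postfix/smtpd\[\d+\]: " + QID + r": client=(?P<client>[^,\s]+)")
SASL = re.compile(r"sasl_username=(?P<user>\S+)")
QMGR = re.compile(r"postfix/qmgr\[\d+\]: " + QID + r": from=<[^>]*>, size=\d+, nrcpt=(?P<n>\d+)")


def recipients_per_identity(log_text):
    """Sum recipients per SASL login; unauthenticated mail is bucketed by client."""
    owner = {}          # queue id -> identity that submitted the message
    totals = Counter()
    for line in log_text.splitlines():
        m = SMTPD.search(line)
        if m:
            sasl = SASL.search(line)
            owner[m["qid"]] = sasl["user"] if sasl else "unauthenticated via " + m["client"]
            continue
        m = QMGR.search(line)
        if m:
            # pop() so a message re-activated after a deferral is counted once
            who = owner.pop(m["qid"], None)
            if who is not None:
                totals[who] += int(m["n"])
    return totals


def suspects(totals, limit):
    """Identities whose recipient count exceeds the limit for the log window."""
    return sorted(who for who, n in totals.items() if n > limit)


if __name__ == "__main__":
    totals = recipients_per_identity(SAMPLE_LOG)
    for who, n in totals.most_common():
        print(f"{n:4d}  {who}")
    print("over limit:", suspects(totals, limit=50))
```

The last sample message has no SASL login, so it can only be attributed to the submitting client, which is the attribution gap the per-application credentials close.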

