Matthew Weigel <unique <at> idempot.net> writes:

> Huh?  I'm talking about the CMS itself authenticating to the SMTP server,
> and giving each application a single set of credentials. 

chroot is the name, and isolation is the game.

> This should be set in
> the CMS's config files, much like database credentials.

Again, I didn't write or install them.

> Then I configure that board's software to connect to my SMTP server to
> send mail, and it has to authenticate as "board <at> idempot.net" to
> send any mail.  Now, if my server starts sending out spam, I can check the
> logs and see if the spam is coming from the user "board <at> idempot.net"
> to verify that the particular board software I'm using is the compromised
> software or not.

And here we come to something! This makes sense, compared to me looking
through users' code: A hook that allows the insertion of a filter either
in PHP before calling mini_sendmail, or in mini_sendmail itself.
Postfix is the wrong answer, because the default sender from chrooted
mini_sendmail would be 'root', and Postfix needs to accept mail from root.
So that filter would do something like:

    deny all
    allow cms_legal
    allow cms_department
    allow cms_conference

In case anybody had some snippets, I'd be grateful to receive those.

Thanks,

Uwe
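
An added example, not part of the original message and not mini_sendmail's own code: one way the default-deny sender filter sketched above could look as a C check on the -f envelope sender, placed in a wrapper in front of the mailer. The function names, the exit code and the -f parsing are assumptions; the three allowed names are the ones listed in the message.

```c
#include <stdio.h>
#include <string.h>

/* "deny all" is the default; only these exact sender names pass. */
static const char *const allowed_senders[] = {
    "cms_legal", "cms_department", "cms_conference",
};

/* Return the envelope sender given as -fNAME or "-f NAME", or NULL when it
 * is absent, dangling, or given more than once. Rejecting duplicates keeps
 * the filter and the real mailer from disagreeing on which -f counts. */
const char *find_sender(int argc, char *const argv[])
{
    const char *sender = NULL;
    for (int i = 1; i < argc; i++) {
        const char *value;
        if (strncmp(argv[i], "-f", 2) != 0)
            continue;
        if (argv[i][2] != '\0')
            value = argv[i] + 2;      /* attached form: -fNAME */
        else if (i + 1 < argc)
            value = argv[++i];        /* separate form: -f NAME */
        else
            return NULL;              /* "-f" with nothing after it */
        if (sender != NULL)
            return NULL;              /* second -f: refuse to guess */
        sender = value;
    }
    return sender;
}

/* Exact match only, so "root", an empty name, or a name with an embedded
 * newline and extra headers all fall through to the default deny. */
int sender_allowed(const char *sender)
{
    if (sender == NULL || *sender == '\0')
        return 0;
    for (size_t i = 0; i < sizeof allowed_senders / sizeof *allowed_senders; i++)
        if (strcmp(sender, allowed_senders[i]) == 0)
            return 1;
    return 0;
}

int main(int argc, char *argv[])
{
    if (!sender_allowed(find_sender(argc, argv))) {
        fprintf(stderr, "sender filter: denied\n");
        return 77;                    /* EX_NOPERM from sysexits.h */
    }
    /* A real wrapper would execv() the actual mailer here with argv unchanged. */
    return 0;
}
```

A script that passes no -f at all is denied too, which covers the default 'root' sender case mentioned above.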
