On 07/27/11 17:41, Reindl Harald wrote: > > > Am 27.07.2011 23:22, schrieb Wietse Venema: >> >> Is this machine running a webserver? Look in the access logs > > if this is the reason consider disable smtp on 127.0.0.1 > because most of dumb injected scripts are trying this instead > the network address! > > disable php's mail()-function and every function > which can excecute shell commands is mandatory > (shell_exec, exec, popen.......)
You can't really disable mail() on a web host, but PHP recently made it not-impossible to monitor its use: http://www.php.net/manual/en/mail.configuration.php#ini.mail.log
