Spam blocking at the Exim/Apache level?

O

Oleg Svirchev2014-12-14 14:05:08

PHP

Oleg Svirchev, 2014-12-14 14:05:08

There is a server with exim, and installed apache in mpm-itk mode. It has a lot of domains. Often sites are hacked (wordpress is worth it) and send spam through the php mail function . It is not possible to block spam in time, so IP addresses end up in the spam database. So, a question for experts:
How can I block the distribution of any mail for one domain through exim or apache. I tried via virthost in apache, prescribe disable_functions, sendmail_path /dev/null. Nothing helps. Maybe it is possible to block php mail distribution via Exim? I will be glad to any thoughts. It is IMPOSSIBLE to change the web server operation mode or the mail system!

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

S

Sergey Petrikov, 2014-12-14
@svirchoff

Catching and cleaning, for exim something like this www.inmotionhosting.com/support/email/exim/find-sp... step by step and accessible. Most of the infections that I have seen do not use the mail() function and have their own mailing function inside (there are 10 lines of code, it makes no sense to bind to the environment), so disabling sendmail_path in php will not do much. Unless, as an option, change it a little to something like:
well, that is, to log all mail passing through this function, it helps to quickly find the source of the mailing, if the mail function is still used. And so the advice is standard: clean, updating engines to the latest versions, code revision, prohibiting the execution of scripts at the OS level from directories with tempo logs and other places where garbage is most often filled in and the contents of which can be influenced by the user.