Hi mailing-list,

I'm running a webserver which provides web as well as mail services. To send 
(relay) mails, remote users have to authenticate, but currently this is not 
necessary for local users (PHP etc.). This would be fine, but sometimes jerks 
inject PHP files and start spamming. Virtually, I have no way to block 
them/enforce limits. Generally, there are three ways to send mail via PHP:

a) Using its own SMTP engine in order to send mail directly to remote hosts
Blocking this was simple: I just added a rule to the firewall so that only 
the postfix user is able to send mail to dpt=25

b) PHP's mail() via local postfix

c) Own SMTP engine (e.g. PHPMailer) via local postfix

So I want to force postfix to only accept SASL-authenticated mails (even from 
localhost!) if the recipient is not a local user. For (b) I wrote a wrapper 
which wraps mail() in such a way that it automatically adds authentication. The 
script that does the wrapping checks rate limits. Going this way, I can 
enforce rate limits without changing PHP code that relies on sending 
unauthenticated mails via mail(). But still, one could send unauthenticated mail using (c).

I tried to remove "permit_mynetworks" from smtpd_recipients_restriction, but 
this didn't work as expected.

Any suggestions?

Thanks in advance,
Torsten.
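
An added example, not part of the original post: a small audit of `postconf -n` style output that reports whether an unauthenticated SMTP client in mynetworks (case c) could still reach a non-local recipient. The sample configurations are constructed, the function names are hypothetical, and the evaluation model is simplified as noted in the comments.

```python
import re

# Lists Postfix evaluates at RCPT TO, in evaluation order.
LISTS = ("smtpd_client_restrictions", "smtpd_helo_restrictions",
         "smtpd_sender_restrictions", "smtpd_relay_restrictions",
         "smtpd_recipient_restrictions")
# Restrictions that stop an unauthenticated client reaching a remote recipient.
BLOCKS = {"reject_unauth_destination", "defer_unauth_destination", "reject", "defer"}
# Restrictions that end the current list with "permit" for a client in mynetworks.
PERMITS = {"permit_mynetworks", "permit"}

def parse_postconf(text):
    """Parse `postconf -n` style text, joining indented continuation lines."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:
            params[name] += " " + line.strip()
        elif "=" in line:
            name, value = (part.strip() for part in line.split("=", 1))
            params[name] = value
    return params

def local_relay_verdict(params):
    """Verdict for an unauthenticated SMTP client in mynetworks sending to a
    non-local recipient. Simplified model (an assumption of this example):
    restrictions outside BLOCKS and PERMITS are treated as not matching."""
    for lst in LISTS:
        for item in re.split(r"[,\s]+", params.get(lst, "")):
            if item in PERMITS:
                break              # permit ends this list only; later lists still run
            if item in BLOCKS:
                return ("rejected", lst)
    return ("relayed", None)

# Constructed sample configurations (not taken from the poster's server).
WEAK = """smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination
"""
STRICT = """smtpd_sender_restrictions = permit_mynetworks
smtpd_recipient_restrictions = permit_sasl_authenticated,
    reject_unauth_destination
"""

if __name__ == "__main__":
    for label, conf in (("weak", WEAK), ("strict", STRICT)):
        print(label, local_relay_verdict(parse_postconf(conf)))
```

The check covers SMTP submissions only; mail handed to Postfix through the sendmail command, as PHP's mail() does, is not subject to smtpd restrictions, and per-service `-o` overrides in master.cf are not visible in this input.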
