disable php mail for site, blok "unexisting" sender

I have ispconfig3 on centos 5.6 server. One of sites was "hacked" and producing lot of spam mail. I fix this... but for prevent similar things in future I have 2 question:

1. Is it possible to disable php mail function for sime site? Usualy its possible to disable php functions in php.ini ( disable_functions = mail ) - is it possible this in ispconfig3 just for some sites?

2. Is it possible to configure postfix that it wont allow sending email for nonexisting email aliases?
I want to prevent that local postfix send mails when I have in header: non_existing_alias@existing_domain
(that postfix will check also alias not just relay domains)

 

And another question on same topic.

Is it possible to configure postfix for sending with smtp auth only? So that postfix will deny sending (local) mails through php mail functions without user authentication?

 

Sorry for the respawn but removing 127.0.0.1 from mynetworks in the main.cf did not fix this. We have pretty much the same problem: Hacked Wordpress-Instance sending out a lot of spam. So that postfix will deny sending (local) mails through php mail functions without user authentication?

postconf -n, Output:

Code:

alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
anvil_rate_time_unit = 60s
anvil_status_update_time = 600s
append_dot_mydomain = no
body_checks = regexp:/etc/postfix/body_checks
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = amavis:[127.0.0.1]:10024
daemon_directory = /usr/lib/postfix
data_directory = /var/lib/postfix
default_privs = vmail
delay_warning_time = 4h
header_checks = regexp:/etc/postfix/header_checks
inet_interfaces = all
inet_protocols = all
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
mail_owner = postfix
mailbox_size_limit = 0
message_size_limit = 0
mime_header_checks = regexp:/etc/postfix/mime_header_checks
mydestination = ######, localhost
mydomain = ######
myhostname = #####
mynetworks =
myorigin = /etc/mailname
nested_header_checks = regexp:/etc/postfix/nested_header_checks
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix
receive_override_options = no_address_mappings
relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
relayhost =
smtp_enforce_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/smtp_auth
smtp_sasl_security_options = noanonymous
smtp_sasl_type = cyrus
smtp_tls_cert_file = /etc/postfix/mail.cert
smtp_tls_enforce_peername = no
smtp_tls_key_file = /etc/postfix/mail.key
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP Mailserver
smtpd_client_connection_count_limit = 2
smtpd_client_connection_rate_limit = 10
smtpd_client_message_rate_limit = 10
smtpd_client_new_tls_session_rate_limit = 10
smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_delay_reject = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_path = private/auth_dovecot
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/postfix/mail.cert
smtpd_tls_key_file = /etc/postfix/mail.key
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = no
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
unknown_local_recipient_reject_code = 550
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf, hash:/var/lib/mailman/data/virtual-mailman
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_limit = 0
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_transport = dovecot
virtual_uid_maps = static:5000

To test this is set up a new domain (using suPHP) and inserted the following php-Script :

Code:

<?php $to = '#######@gmx.de'; $subject = 'Test email using PHP'; $message = 'This is a test email message'; $headers = 'From: [email protected]' . "\r\n" . 'Reply-To: [email protected]' . "\r\n" . 'X-Mailer: PHP/' . phpversion(); mail($to, $subject, $message, $headers, '[email protected]'); ?>

The mail was succesfully send to the recipient @gmx.

What is wrong with the configuration here? Why does this mail get send?

 

Thanks for your fast reply. It is possible to add this parameter to php.ini - but the custom php.ini (suPHP) is controlled by our reseller not by us directly. Furthermore we don't want to set this option for every customer.

So there is basically no way to stop this on postfix level?