Postfix not honoring sendmail -f

Discussion in 'Installation/Configuration' started by RootEtsy, Aug 28, 2016.

  1. RootEtsy

    RootEtsy New Member

    Hi all,
    First, I'm not too familiar with Postfix. I've always run Exim.
    On the server I've been testing ISPConfig with, I had originally used Exim and had the mail modules in ISPConfig disabled. In that configuration, when I sent an email with a PHP script the from address was correctly rewritten with "[email protected]".

    I thought it might be handy to have some mail functionality so I replaced Exim with Postfix. Email is working but now when I send mail with a PHP script the from address is not rewritten like it should be.

    Does anyone know what setting I might be missing in Postfix? I used the config from the perfect server docs and I've verified that the sendmail -f flag is set correctly with a phpinfo file in that site.

  2. RootEtsy

    RootEtsy New Member

    This is weird. So if I run it from the command line like this it works:
    # sendmail -t -i [email protected] << EOF
    > From: [email protected]
    > To: [email protected]
    > Subject: test
    > test
    > EOF

    Why would this not be working in PHP? I'm using PHP-FPM and the phpinfo file shows it set correctly.
  3. RootEtsy

    RootEtsy New Member

    Sorry to keep posting, I'm just working through this. I've done a bunch of testing and found something that is kind of concerning for me.

    Using a very simple PHP mail script I was able to reproduce the issue that I was seeing in the contact form that brought up the issue. Look at the line below.
    mail($to,$subject,$message, $headers, "-f [email protected]");

    With this I can override the return path set in the FPM config. Another example here:
    sendmail -t -i [email protected] [email protected]

    With the postfix sendmail command, the last one is the one being used.

    What concerns me is that someone could use a PHP script to modify this behavior completely from what I'm setting in the FPM config and send spam pretty easily. This isn't possible with the configuration I had in Exim.

    Maybe I'm making a big deal out of nothing. IDK. I would prefer to be able to FORCE the return path.
  4. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Look at mail.force_extra_parameters, it sounds like it should cover that:
    ; Force the addition of the specified parameters to be passed as extra parameters
    ; to the sendmail binary. These parameters will always replace the value of
    ; the 5th parameter to mail().
    ;mail.force_extra_parameters =
    Of course unless you go out of your way to prevent it, any php site can also just use direct SMTP and bypass the mail() function altogether, and supply any envelope sender address they wish.
  5. RootEtsy

    RootEtsy New Member

    Thanks Jesse! That does look like what I'm looking for. I'll have to look at it.

    Looks like I was wrong about Exim. After some other testing it looks like it has the same behavior. For some reason this particular plugin acts different between the 2 servers which I haven't figured out. I did find a way around it though.

    As for them using SMTP to send mail. I don't really care if they do that, just don't want them using my mail server for it. Lol. Either way, I monitor the mail queue and have hourly limits on both so I'll know pretty quickly if that happens. :)

Share This Page