Ah, a possible script vulnerability. No, it will not stop php mail() to local domains/users. But depending on your setup, you can enforce authentication. As long as you have that you're oke. Are some scripts being abused on your system? You should track down the offending script and remove it from your system, no matter how hard the user/owner of that website complains. Tell him you don't allow broken scripts for the sake of all the users on your system.
No, one is currently abusing the system, i just want to prevent anyone from possibly in the future trying to. Dont want any spam mailers on my system Could you explain to me how to add authentication? I would like my site and a few others sites of people i trust to be allowed to send mail but not anyone else Thanks, Alex
You could remove 127.0.0.0/8 from the mynetworks line in /etc/postfix/main.cf. That way even localhost and therefore all PHP scripts, webmail applications, etc. would have to authenticate to send mail.
The PHP mail function is not able to authenticate itself, you must use a PHP email class for sending mails that supports smtp authentication.
I guess you would have to reconfigure UebiMiau. Generally every mailuser in ISPConfig can send mail, so its just enough to create a user and use this username and password for sending mail.
Thanks for all your help but i figured out how to stop certain users from sending out outgoing mail! Thanks again, Alex!
