Results 1 to 4 of 4
  1. #1

    Question securing PHP mail() function

    Hello, I have a couple of boxes managed by an outsourced support service, however usually forms are abused, basically trough mail() function, i am basically looking to a second opinion here

    Is there a way to avoid mail() function to send mail to domains that are not in the server? What would you do to secure it without disabling it? The boxes have PHP 4.x

    I'll appreciate your help.

    Jose Luis
    Josť Luis

  2. #2
    Join Date
    Mar 2003
    California USA
    Its possible but why would you want to do that? it would break things like forums etc.
    Steven Ciaburri | Proactive Linux Server Management -
    Managed Servers (AS62710), Server Management, and Security Auditing.

  3. #3
    Join Date
    Nov 2003
    Auckland, New Zealand
    Like Steven said, it's a bad idea to completely turn it off - however, it's possible to limit the dangers of the abuse quite a bit. There are patches that you could install to stop injection into the mail() command from legitamate variables. However they still cause problems with some boards. Quite a few boards now a days have pop mail facilities, and you can use that much more easily.
    BLUETRIDENT.NET - Reliable Shared, Reseller and Dedicated Hosting Solutions Provider
    Managed Hosting with Personal Service
    Highspeed Content Servers, Lighttpd, Ruby on Rails, Cluster Servers & Rich Web Application Hosting

  4. #4
    Thank you all, my first choice is not to disable it, just secure it. I once worked with a server and aparently mail() couldn't send e-mail to domains which where not in the server, and messages to internal accounts arrived, is this possible?

    Jose Luis
    Last edited by joseluis; 09-14-2006 at 11:43 PM.
    Josť Luis

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts