Hi,

My webserver was recently under attack from spammers using some buggy ajax script on a client website.

I override /usr/sbin/sendmail using a php script which logs in all sendmail accesses which shows the directory from where the script is trying to send.

Now I want to stopped the php mail() functionality completely and have SMTP authentication.

Please suggest a way to do so.

Thanks
Richard

It looks like setting sendmail_path to '/bin/false' will accomplish this (or you could use /bin/true if you want the script to believe that sending mail was successful).

How to set up SMTP authentication depends on which mail transfer agent you are using (Postfix, Exim, Sendmail, Qmail, etc.). A Google search should turn up useful info, or try the Linode library.

Indifidual PHP functions can be disabled using the disable_functions directive in php.ini. If somebody is desperate, though, there are many other ways to send mail. You'd also have to disable all functions that allow making outbound TCP connections or execute anything on the shell.