PHP and sendmail : reject users with no From: header address

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

PHP and sendmail : reject users with no From: header address

gerrit-14
Hi everyone.

In my main.cf i got this line :

authorized_submit_users = !apache, static:anyone

This line restrict apache from sending mail via the sendmail way. Since
most users use the mail() statement in php, which uses sendmail to sent
mails, its the preffered way.

My goal is, to restrict those people on the server, who haven't set a
proper From: header.
The mail is then send with a sender address of (in postfix terms ;) )  
apache@$myhostname  

I want to reject those users, and i believed to have the answer with the
above line in main.cf.
But even with a proper From: header which is not apache@<somedomain>,
the message is still rejected.
Is there a way to get this right.


Regards,

Gerrit.

Reply | Threaded
Open this post in threaded view
|

Re: PHP and sendmail : reject users with no From: header address

Noel Jones-2
gerrit wrote:
> Hi everyone.
>
> In my main.cf i got this line :
>
> authorized_submit_users = !apache, static:anyone

The above prevents the apache USER from using the sendmail
command.  This has nothing to do with the envelope sender
address or From: header.

Specifically, this prevents the apache USER from using the
sendmail command, regardless of the envelope sender or headers
the apache USER might specify.
It does NOT prevent other users from specifying apache@$domain
as the sender.
It does NOT prevent the apache user from submitting mail via SMTP.


>
> This line restrict apache from sending mail via the sendmail way. Since
> most users use the mail() statement in php, which uses sendmail to sent
> mails, its the preffered way.
>
> My goal is, to restrict those people on the server, who haven't set a
> proper From: header.

If no From: header exists, it is automatically set to the
envelope sender address.  Postfix does not report the absence
of a From: header.

You can reject selected From: HEADERS by using an appropriate
header_checks rule.  You cannot reject mail that is missing
the From: header.

You can reject selected envelope senders in SMTP mail by using
an appropriate check_sender_access map.

--
Noel Jones