How to seperate php mail from regular mail?

[l.degroot01]

We are facing a lot of spamming on our own VPS servers (9 Servers).
Most of the time this is caused by hacked websites.

We take action as soon as possible, but in the most cases we're already blacklisted, which affects all of our clients.

Now we've got the idea to seperate the php mail from the regular mail, and forward mail generated to an low budget server which will throttle al the mail by 1 message per 2 seconds. As further security measurements we're adding a limit of 200 mails each day per domain.

The low budget mailserver has been fully configured, but how to setup the directadmin servers to forward "ONLY" the phpmail to an external server?

Does someone have a idea about this?

Greetings Leslie de Groot

 

[nobaloney]

At the exim level you'll need to identify the emails by a header which identifies it as being sent by PHP, and then run it through a smarthost router based on that.

Or at the level of each PHP program, have it use an external mailserver.

Your limits may prevent your users from running php-powered mailing lists on your server.

Jeff

 

[l.degroot01]

At the exim level you'll need to identify the emails by a header which identifies it as being sent by PHP, and then run it through a smarthost router based on that.

Or at the level of each PHP program, have it use an external mailserver.

Your limits may prevent your users from running php-powered mailing lists on your server.

Jeff

I'm kind of a exim Noob, but i can test it on testservers before adding the code to the liveservers.

If i understand you right, i can filter all mail, ending with the server hostname and relay that to the external server?

Most of the cmses use the main user's mail account such ass domain1@hostname

Or do you mean adding a custom header to php mail and filter on that?

Sorry for my bad english

 

[l.degroot01]

Correction most cmses send out as user@hostname

 

[nobaloney]

On our systems PHP emailers all seem to add a header line which starts with X-PHP. I'm not sure if that's something we've done or not. And it's likely that spam programs uploaded to the user account won't.

There are several different ways you can identify email which comes from the server. For example you can disallow injection through smtp from 127.0.0.1 (localhost) and require calling exim through the sendmail interface. Then any email coming in through the sendmail interface can be redirected to the other server.

Jeff

 

[zEitEr]

On our systems PHP emailers all seem to add a header line which starts with X-PHP

For PHP 5.2 directadmin offers usage of PHP patch (written by Giam Teck Choon). This is a patch to add an informational header to messages sent from PHP via the mail() function. This can help to track which script on a server was used to send a message, and which client caused it to be sent.


https://choon.net/php-mail-header.php


Since PHP 5.3 there is no need to use the patch, as PHP ships with it, as far as I know.


Thus you can filter relying on the X-PHP-Script header. But please do a double-check, I don't guarantee that your PHP build does it all the same way.