hello
i want to make some restriction.
i've ISPConfig instaled and work very good, but i have some sequrity hole.
when i use php mail() from other server i can send e-mail!!!
here is php simple code:

ini_set("SMTP","hhh.hhh.hhh.hhh");
mail('hhhh@hhh.hhh', $subject, $message, $headers );

How can i restrict that!?
i've found somthing about this problem in internet, but i don't know that it is right:

smtpd_recipient_restrictions =
permit_mynetworks
check_client_access hash:/etc/postfix/client_access
reject_unauth_destination
if this work, how can i maket it work with ISPConfig installation

Thanks

Almost sure your other server is inside your network, did you try from outside your network?

Yes i did. I'm sure about that.

Did you follow the perfect setup steps?

The commands must be on /etc/postfix/postfix.conf (i believe) and the perfect setup put this lines inside.

If i was you add the line:

mynetworks = 127.0.0.0/8

to your main.cf file.

(If it is not there)

This will allow email sending only from the network configured in the variable mynetworks. This is normally set to 127.0.0.0/8 which means sending is only allowed from localhost.

readme_directory = /usr/share/doc/packages/postfix/README_FILES
inet_protocols = all
biff = no
mydomain = domain.com
myhostname = $mydomain
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_auth_enable = yes
mynetworks = 127.0.0.0/8
smtpd_client_restrictions = permit_mynetworks
smtpd_delay_reject = no

smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, check_relay_domains
inet_interfaces = all
alias_maps = hash:/etc/aliases
smtpd_tls_auth_only = yes
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
masquerade_domains = $mydomain


here is my main.cf

everything is as perfect setup

Thats correct so far. Please check with a relay test if your server is really relaying mail:

http://www.abuse.net/relay.html

Please post the output of:

postconf -n | grep mynetworks