sendmail "from:" spoofing

Discussion in 'Server Operation' started by trogper, Jul 11, 2019.

  1. trogper

    trogper New Member

    Hi

    I have a (formerly?) clean installation of ISPConfig 2.9 on Debian 8 upgraded to 3.1 on 9.9
    How do I prevent web users (php scripts) from spoofing email "from" addresses?
    I want to limit web users to send only email "originating" from their domains, now they are able to use sendmail with any "from" address.
    I don't want to disable sendmail for users as I feel it is too restrictive and easily circumventable.
    I have already configured something like this for SMTP sending using reject_sender_login_mismatch.
     

Share This Page