Do you have any idea how to prevent this? Is the only way a captcha on the site's pages? Can PHP be secured to enforce additional authorization?

Fragment of my postqueue:
Code:
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
8FBF9304815* 3453 Sun Oct 13 12:46:08 [email protected] [email protected]
540EE30480D* 3446 Sun Oct 13 12:46:07 [email protected] [email protected]
29F7B30BF17* 3466 Mon Oct 14 08:13:26 [email protected] [email protected]
75484305A84* 3453 Sat Oct 12 21:33:37 [email protected] [email protected]
9C2EE303DAB* 3472 Sat Oct 12 13:23:59 [email protected] [email protected]
58CF7304808* 3451 Sun Oct 13 12:46:06 [email protected] [email protected]
020F830D0B1* 3444 Mon Oct 14 07:30:25 [email protected] [email protected]
00B6D305742* 3441 Sat Oct 12 23:30:59 [email protected] [email protected]
DB88930D0D3* 3450 Mon Oct 14 07:30:22 [email protected] [email protected]
A263D30A5BE* 3438 Mon Oct 14 02:21:03 [email protected] [email protected]
ED5AB30D08D* 3454 Mon Oct 14 07:30:25 [email protected] [email protected]
611AD30481A* 3443 Sun Oct 13 12:46:02 [email protected] [email protected]
F3F9130D0A6* 3439 Mon Oct 14 07:30:21 [email protected] [email protected]
D322930D0AC* 3440 Mon Oct 14 07:30:23 [email protected] [email protected]

mail.log:
Code:
Oct 10 09:53:29 prime postfix/qmgr[2954]: C5E0F1287ED4: from=<[email protected]>, size=4842, nrcpt=1 (queue active)
Oct 10 09:53:29 prime amavis[27159]: (27159-09-23) Passed CLEAN {RelayedOpenRelay}, <[email protected]> -> <[email protected]>, Message-ID: <[email protected]>, mail_i
Oct 10 09:53:30 prime postfix/local[27848]: 1C8BB1287ED8: to=<[email protected]>, relay=local, delay=0.03, delays=0.01/0/0/0.02, dsn=2.0.0, status=sent (delivered to mailbox)
Oct 10 09:53:30 prime postfix/local[27848]: 742271287ECF: to=<[email protected]>, relay=local, delay=0.02, delays=0.01/0/0/0.01, dsn=2.0.0, status=sent (delivered to mailbox)
Oct 10 09:53:33 prime postfix/local[27848]: 8CB2F1287ECD: to=<[email protected]>, relay=local, delay=0.01, delays=0.01/0/0/0, dsn=2.0.0, status=sent (delivered to mailbox)
Oct 10 09:53:33 prime amavis[27159]: (27159-09-25) Passed CLEAN {RelayedInbound}, [74.125.83.66]:46601 [74.125.83.66] <> -> <[email protected]>, Queue-ID: 187C71287ED1, Message-ID: <089e01681ba4d5fad104e
Oct 10 09:53:33 prime postfix/smtp[27036]: 187C71287ED1: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, conn_use=25, delay=8.5, delays=0.12/4.9/0/3.5, dsn=2.0.0, status=sent (250 2.0.0 from MT
Oct 10 09:53:38 prime amavis[27873]: (27873-02) Passed CLEAN {RelayedInbound}, [212.188.178.246]:52393 [212.188.178.246] <> -> <[email protected]>, Queue-ID: 2ECCD1287ECD, Message-ID: <20131010075332.DB7
Oct 10 09:53:38 prime postfix/local[27848]: 0F0981287ECE: to=<[email protected]>, relay=local, delay=0.02, delays=0.01/0/0/0.01, dsn=2.0.0, status=sent (delivered to mailbox)
Oct 10 09:53:38 prime postfix/smtp[26447]: 2ECCD1287ECD: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=3.9, delays=0.19/0/0/3.7, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0
Oct 10 09:59:55 prime postfix/qmgr[2954]: E5D961287ECC: from=<[email protected]>, size=4860, nrcpt=1 (queue active)
We started to block ALL email (@gw) from web-servers that tried to send email directly out. This requires (external) SMTP accounts for ALL web-sites on these servers. Basically this is a lot more work but so far we have not figured out a way to do this smarter.
mail.add_x_header - Adds an extra header to the e-mail showing which script made the call to mail() => http://php.net/manual/en/mail.configuration.php
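Added example, not part of the original thread: with `mail.add_x_header = On` in php.ini, PHP stamps each mail() message with an `X-PHP-Originating-Script: <uid>:<filename>` header, and the sketch below tallies that header across raw messages to show which script is producing the volume. The function names, addresses, uid 1005 and script names are constructed for illustration.

```python
import re
from collections import Counter

# PHP adds this header to mail() messages when php.ini has mail.add_x_header = On.
# Value format: "<uid of the script>:<script filename>".
HEADER_RE = re.compile(r"^X-PHP-Originating-Script:[ \t]*(\d+):(.+?)[ \t\r]*$",
                       re.IGNORECASE | re.MULTILINE)

def originating_scripts(messages):
    """Count (uid, script) pairs over raw messages (headers, blank line, body)."""
    counts = Counter()
    for raw in messages:
        # Inspect only the header block, so the same text pasted into a
        # message body is not mistaken for the real header.
        headers = re.split(r"\r?\n\r?\n", raw, maxsplit=1)[0]
        match = HEADER_RE.search(headers)
        key = (int(match.group(1)), match.group(2)) if match else (None, None)
        counts[key] += 1
    return counts

def noisy_scripts(counts, threshold):
    """Scripts that sent at least `threshold` messages, busiest first."""
    return [(key, n) for key, n in counts.most_common()
            if key != (None, None) and n >= threshold]

def _msg(extra_headers, body="Hello"):
    # Helper that builds a constructed test message.
    head = ["From: web12@example.test", "To: someone@example.test",
            "Subject: test"] + extra_headers
    return "\n".join(head) + "\n\n" + body

# Constructed sample messages (not taken from the thread).
SAMPLE_MESSAGES = (
    [_msg(["X-PHP-Originating-Script: 1005:contact.php"])] * 3
    + [_msg(["X-PHP-Originating-Script: 1005:newsletter.php"])]
    + [_msg([])]  # not sent through mail(), or header disabled
    + [_msg([], body="X-PHP-Originating-Script: 0:fake.php")]  # body only
)

if __name__ == "__main__":
    tally = originating_scripts(SAMPLE_MESSAGES)
    for (uid, script), n in noisy_scripts(tally, 2):
        print(f"uid={uid} script={script} messages={n}")
```

Messages counted under `(None, None)` carry no such header, so they either did not go through mail() or were sent before the setting was enabled.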
Reviving this old thread as I have a related question: so, assuming I've mostly secured outgoing emails, what about the occasional ones that slip through? I mean they bounce back into something like [email protected] (just picking up the above example), which means they'll never reach me or the client. Would it not be possible to set up a catch-all which redirects all webXX to the client who owns that particular web?