1

I have a website with forms where users can send us requests. In addition, the site sends a predefined email to the client. The form receives spam (big surprise) and I'm trying to block emails from going out when some [email protected] emails are used because the destination already told us (at least once) that the email is invalid.

+-----------------+
| Webform         |
+------+----------+
       |
       v
+-----------------+
| PHP             |
+------+-------+--+
       |       |
       |       +-----------------+
       |                         |
       | send form data to us    | send thank you note
       v                         v
+----------------------+  +--------------------+
| [email protected]  |  | [email protected] |
+----------------------+  +--------------------+

I'd like to at least block the email on the right (the one being sent to [email protected]).

For the purpose, I have a bad_recipients file with a list of regular expressions:

/.*hack.*@example.com/ REJECT
...

That works great from my computer, but from local PHP scripts, all the emails go through.

+---------------------------+           +---------------------------+
|                           |           |                           |
|  +---------------------+  |           |  +---------------------+  |
|  |                     |  |  SMTP     |  |                     |  |
|  | My Computer Postfix +--|-----------|->| Server Postfix      +--|---> destination
|  |                     |  |           |  |                     |  |
|  +---------------------+  |           |  +---------------------+  |
|             ^             |           |             ^             |
|             | What here?  |           |             | What here?  |
|  +----------+----------+  |           |  +----------+----------+  |
|  |                     |  |           |  |                     |  |
|  | My Computer Tool    |  |           |  | PHP Website         |  |
|  |                     |  |           |  |                     |  |
|  +---------------------+  |           |  +---------------------+  |
|                           |           |                           |
+---------------------------+           +---------------------------+

Note: What here? — I think this is using sendmail and postdrop. Can you confirm?

I'm thinking that the the PHP Website being local to the Server Postfix does not use SMTP. Instead, it would use sendmail and that means it bypasses the SMTP protections:

smtpd_recipient_restrictions=check_recipient_access regexp:/etc/postfix/bad_recipients, ...

Yet, PHP is clearly setup for SMTP:

[mail function]
; For Win32 only.
; http://php.net/smtp
SMTP = localhost
; http://php.net/smtp-port
smtp_port = 25

Unless that setup is ignored because I'm not under Win32 and thus those parameters would be totally ignored on Linux? (I'm on Ubuntu.)

Is there any way to force Postfix to check the recipient list even when sending emails via sendmail?

Another question in link with the potential sendmail issue. But the answer is to block senders completely (from what I understand) opposed to letting emails through, but still verifying the recipient email address.

Do you have an idea on how to make sure recipients always get blocked?

Alexis Wilke
  • 2,697
  • 2
  • 19
  • 42
  • When you say block recipients list (which is largely a total waste of time, similar to using IP block lists), are these contact form spams? Or are they actually using your SMTP server to send spam? It sounds to me like your email sending logic has some really big security holes in it if you are having trouble with emails getting SENT, not incoming spams to contact forms. We deal with this issue heavily and what you are describing sounds like a significant error in your email flow. More details are needed, I don't understand the actual problem source, this problem shouldn't happen. – Lizardx Aug 15 '22 at 17:25
  • @Lizardx Nothing's perfect, for sure... I made an update to better explain what the website does (i.e. presents a form you can fill in and that generates two emails: one to us and one preformatted to the client). So the mail server itself and the websites are working properly... except that postfix does not seem to prevent the website from sending to any recipient and that seems to be the case because it would not be using SMTP (i.e. no SMTP between the PHP process and postfix—it then uses SMTP to forward to email to the final destination). – Alexis Wilke Aug 15 '22 at 17:51

1 Answers1

2

Yes, the settings for SMTP server and port in PHP configuration are for Windows version of PHP only. Under Linux (and other Unix-like systems), PHP uses directly /usr/sbin/sendmail command to send mail.

As you correctly assume, the mail does not go in via SMTP but is injected directly into Postfix queue, so smtpd_recipient_restrictions are not applied to it.

You have basically four options:

  1. block sending mail to unwanted addresses directly in your web form(s), not in the mail server
  2. write (or find somewhere in the Net) a milter that will do the mail filtering that you need and call it via non_smtpd_milters setting in your Postfix config
  3. In your PHP code, instead of a simple mail() function, use PHPMailer library to send mail. PHPMailer can be configured to send mail via SMTP.
  4. Replace the /usr/sbin/sendmail file with a wrapper script that will check the recipient addresses provided and remove the "bad" ones (that is a bit tricky, as the recipient addresses can be specified either on command line, or - when using -t parameter to sendmail - in the message headers), then calls the "real" sendmail binary which you have to rename to some different name. You can also leave /usr/sbin/sendmail as it is and use sendmail_path parameter in your PHP configuration which will point to your script. I think you can even install something like msmtp and set the sendmail_path parameter to point to it, which will effectively force your mail() function to send mail via SMTP.
raj
  • 981
  • 2
  • 10
  • My main problem with (4) is the password... I guess (1) is probably the best/easiest in my situation. – Alexis Wilke Aug 16 '22 at 03:41
  • What password? You don't need to send mail through the submission service, where a password wold be needed. This is all within localhost, so send it normally through port 25 without any password. Postfix normally should trust localhost and relay the mail. – raj Aug 16 '22 at 13:16
  • phpMailer is very well written and maintained, much better control, and handles complex scenarios well. These spams should be captured on the PHP side, not the email server side, that's why I was confused, you intercept it before it gets to the email server, so the email server is never in question. Then send requests once validated etc to emailer tool, and it all 'just works'. Adding the filter step to the php form processor also allows you to do much more granular spam detections. IP and email to / from lists are useless, waste of time, they automate this stuff so each time new address used. – Lizardx Aug 18 '22 at 19:22