I need some help. I am running the latest stable Ubuntu, which hosts Apache/PHP5 and also delivers email. I host some WordPress sites for other users and have been waging a war for months now combating attackers who find bad permissions on directories and use that to upload PHP scripts to send spam through the server.
I of course am taking steps to automate security of WordPress but would also like to knock out PHP5/Apache's ability to send mail to any address not locally deliverable.
I am configuring a new server to do this on. I will be running the latest version of MailScanner with a choice of Sendmail or Postfix. This would specifically be directed at locking down the www-data user to only send locally.
I have already set up PHP5 mail logging but need to take this a step further because my hosting provider goes draconian when spam starts flowing. So far I have not had any luck finding answers via Google. The only thing I have found so far involves either disabling PHP's mail function or logging, reviewing, firewalling out IPs and deleting offending scripts. Any help is appreciated.
This answer assumes the Postfix MTA.
In php.ini add:
In /etc/main.cf add:
Content of /etc/postfix/header_checks.pcre
The regex used here covers commonly used characters in the local part of email addresses, but does not cover every valid character as per the RFC, YMMV.
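The policy the answer describes, as an added example that is not the answer's own configuration: a Python function that applies the same rule (PHP-originated mail may only go to local recipients) to a message's headers, so a recipient regex can be tested against sample mail before it goes into a Postfix header check file. It assumes `mail.add_x_header=On` in php.ini, which makes PHP's `mail()` add an `X-PHP-Originating-Script` header, and that `example.com` is this server's local domain; the sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Local-part pattern limited to commonly used characters, matching the caveat in
# the answer above: RFC 5321 also allows characters such as "!" and quoted local
# parts, which this pattern deliberately does not cover.
LOCAL_PART = r"[A-Za-z0-9._%+-]+"
LOCAL_DOMAINS = {"example.com", "localhost"}  # assumption: this server's own domains

# Constructed samples of what PHP's mail() hands to sendmail when
# mail.add_x_header=On, which tags the message with X-PHP-Originating-Script.
SAMPLE_PHP_SPAM = """X-PHP-Originating-Script: 33:wp-content/uploads/x.php
From: www-data@example.com
To: victim@other.example, admin@example.com
Subject: test

hi
"""
SAMPLE_LOCAL = """X-PHP-Originating-Script: 33:wp-login.php
From: wordpress@example.com
To: admin@example.com
Subject: password reset

link
"""

def recipients(msg):
    """Every recipient address found in the To, Cc and Bcc headers."""
    fields = msg.get_all("To", []) + msg.get_all("Cc", []) + msg.get_all("Bcc", [])
    return [addr for _, addr in getaddresses(fields) if addr]

def check_message(raw):
    """Return (action, reason): REJECT when a PHP-originated message has a
    recipient outside LOCAL_DOMAINS, OK otherwise; non-PHP mail is left alone."""
    msg = message_from_string(raw)
    script = msg.get("X-PHP-Originating-Script")
    if script is None:
        return ("OK", "not PHP-originated")
    addr_re = re.compile(rf"^({LOCAL_PART})@([^@]+)$")
    for rcpt in recipients(msg):
        m = addr_re.match(rcpt)
        if not m:
            # Outside the pattern's coverage: fail closed rather than pass it unchecked.
            return ("REJECT", f"unparseable recipient {rcpt!r} from {script}")
        if m.group(2).lower() not in LOCAL_DOMAINS:
            return ("REJECT", f"external recipient {rcpt} from {script}")
    return ("OK", "all recipients local")
```

Note that a real Postfix `header_checks` rule sees one header at a time and cannot correlate the `X-PHP-Originating-Script` header with the `To:` header the way this function does, so use it to validate the regex, not as a drop-in replacement for the check file.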