I want to allow PHP apps to send mail but under very restricted conditions.
And I don't want to allow sendmail-like command for PHP apps (I'm using chrooted PHP and it's too much headache), thus I disabled mail() function in PHP.
What options do I have to strictly allow/monitor PHP apps sending via my postfix?
- HELO name can be spoofed
- IP can be spoofed and it's not explicitly linked to a PHP app user
AUTH? Should I also require smtpd_sender_restrictions=reject_sender_login_mismatch ?
I already have a smtpd on port 587 running which uses smtpd_sasl_type=dovecot but I don't suppose a PHP app would ever have an account on Dovecot IMAP server - I suppose most PHP apps would send mail as 'noreply@'. Should I create another instance of submission in /etc/postfix/master.cf ?
Yes, you have to enable and force AUTH when sending. Create one email address per domain. Then tell the developers/webmaster that they have to use the given user+pass when sending ( and hopefully their PHP app supports SMTP with auth ). You have to disable unauthenticated mail relay from localhost ( in postfix ). And perhaps allow ( in firewall) outgoing smtp traffic only from postfix . Then maybe ratelimit the mails.