Hi,
I will answer in the text below :)
Am 04.04.2018 um 13:52 schrieb Christophe Simon:
Hello,
I'd say that all depends on the function/library you're using in your
PHP application to send mails.
The `mail()` command, for instance, uses the `sendmail` binary to
directly ingest your message in your local mail spool, and thus does not
require any authentication. The mail is sent on behalf of the identity
your web server runs under. There's options to set the appropriate
sender in the message headers, obviously.
no we don't want to use binary in chroot, that somehow feels just wrong :)
If you're using a library such as `PHPMailer`, you'll want to use the
SMTP protocol, either locally (on lo0) (1), or remotely (on your mail
provider's SMTP service) (2).
since it will be WP (i know ...) it has PHPMailer and it should be able
to send with SMTP Protocol.
It's up to you to define if you want authentication on the loopback port
(but that's better to do so).
If you're using your local MTA to send emails (1), either using the SMTP
protocol on lo0 or the `sendmail` binary, there's chances you'll want to
use a relay host to avoid being blacklisted by your recipients servers
(or you should take care to have a resolvable public IP with correct SPF
configured in your DNS). Such a configuration has been very well
illustrated by Michael below.
I have set up the local smtpd to relay mails from local connections so
it's only listen on lo0 but hey PHPMailer will connect on lo0 and can be
abused still if the WP arround it allows it. I basically force the user
to use something like recaptcha but even then I would like to do
something with authentication thought.
for me I short example would be helpful for now I basically let a script
run once an hour to check if the maillog shows somewhat strange traffic
to the relay.
is enabling auth on lo0 simply this ?
pki hostname /path/to/cert
pki hostname /path/to/key
table aliases file:/etc/mail/aliases
table secrets file:/etc/mail/secrets
listen on lo0 port submission tls auth
accept for any relay via tls+auth://relaycred@relayhost:587 auth <secrets>
And then I can just setup the PHPMailer to use submission port on
localhost with some credentials?
Regards
--
Markus Rosjat fon: +49 351 8107223 mail: [email protected]
G+H Webservice GbR Gorzolla, Herrmann
Königsbrücker Str. 70, 01099 Dresden
http://www.ghweb.de
fon: +49 351 8107220 fax: +49 351 8107227
Bitte prüfen Sie, ob diese Mail wirklich ausgedruckt werden muss! Before
you print it, think about your responsibility and commitment to the
ENVIRONMENT
