[CentOS] preventing apache from being a mail relay

Sun Mar 3 21:39:08 UTC 2013
Alexander Dalloz <ad+lists at uni-x.org>

Am 03.03.2013 22:30, schrieb Robert Moskowitz:
> I am trying to recall back at least 2 years, and my notes are poor, and 
> my searching appears to be worst...
> Seems I recall that last when I set up my apache server, the spammers 
> were posting to it so it would send out the spam on port 25.  There was 
> some conf that I did to block this, but I did not document it, and I 
> can't find any reference to this.
> I don't think my memory is that bad, but it IS sunday...
> I don't want to put up this new server and have it flooding the world 
> with spam and then get the server blocked.  So do I remember correctly 
> that this was a problem?  Is it still, and how is this prevented?
> Thanks.  Am putting up better notes this time around.

Don't run doubtful applications together with apache. Then there is
little risk to be misused. Back in time there has been a pretty bad
"formmail" cgi around which could be easily misused. Be careful with
other applications these days like with wordpress and such.

The default SELinux on CentOS does prevent apache to send mail using the
sendmail binary:

# getsebool httpd_can_sendmail
httpd_can_sendmail --> off