[CentOS] preventing apache from being a mail relay

Sun Mar 3 21:54:46 UTC 2013
Robert Moskowitz <rgm at htt-consult.com>

On 03/03/2013 04:39 PM, Alexander Dalloz wrote:
> Am 03.03.2013 22:30, schrieb Robert Moskowitz:
>> I am trying to recall back at least 2 years, and my notes are poor, and
>> my searching appears to be worst...
>>
>> Seems I recall that last when I set up my apache server, the spammers
>> were posting to it so it would send out the spam on port 25.  There was
>> some conf that I did to block this, but I did not document it, and I
>> can't find any reference to this.
>>
>> I don't think my memory is that bad, but it IS sunday...
>>
>> I don't want to put up this new server and have it flooding the world
>> with spam and then get the server blocked.  So do I remember correctly
>> that this was a problem?  Is it still, and how is this prevented?
>>
>> Thanks.  Am putting up better notes this time around.
> Don't run doubtful applications together with apache. Then there is
> little risk to be misused. Back in time there has been a pretty bad
> "formmail" cgi around which could be easily misused. Be careful with
> other applications these days like with wordpress and such.
>
> The default SELinux on CentOS does prevent apache to send mail using the
> sendmail binary:
>
> # getsebool httpd_can_sendmail
> httpd_can_sendmail --> off

Since this server is only apache and supplies ntp for internal systems, 
I am able to run with selinux.