Switching off php mail function


My webserver was recently under attack from spammers using some buggy ajax script on a client website.

I override /usr/sbin/sendmail using a php script which logs in all sendmail accesses which shows the directory from where the script is trying to send.

Now I want to stopped the php mail() functionality completely and have SMTP authentication.

Please suggest a way to do so.



2 Replies


Now I want to stopped the php mail() functionality completely
It looks like setting sendmail_path to '/bin/false' will accomplish this (or you could use /bin/true if you want the script to believe that sending mail was successful).

How to set up SMTP authentication depends on which mail transfer agent you are using (Postfix, Exim, Sendmail, Qmail, etc.). A Google search should turn up useful info, or try the Linode library.

Indifidual PHP functions can be disabled using the disable_functions directive in php.ini. If somebody is desperate, though, there are many other ways to send mail. You'd also have to disable all functions that allow making outbound TCP connections or execute anything on the shell.


Please enter an answer

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct