
Re: Secure email server setup



On Mon, Jan 15, 2018 at 08:56:20PM +0100, Jonathan Sélea wrote:
> >> I would not recommend having an emailserver on the same server as a
> >> website, because if the website is compromised the "hacker" can just use
> >> the mail() function
> >> to send emails in your name.
> > So can she/he if the mailserver is on a different host. That doesn't make
> > any difference.
> It would, because other mailservers would deny emails from that one
> because it would fail authentication (SPF, DKIM, DMARC for example).
> 
Your webserver having a method to use a smarthost, using an external
mailserver can be abused when compromised. So no win here. Still exploited
once the attacker is on the system. It will just use the same smarthost
with the webserver's credentials and the mailserver will happily relay the
spam. 

-H


> 
> 
> 
> 



-- 
Henning Follmann           | hfollmann@itcfollmann.com
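
One way the mail server's admin can notice the relay abuse described in this message, as an added example that is not part of the original post: count authenticated submissions per SASL account in a sliding window over Postfix smtpd log lines. It assumes the web server authenticates to the smarthost with its own account; the host names, account names, log lines and the threshold are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Postfix smtpd line that records an authenticated client for a queued message.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/\S*smtpd\[\d+\]: "
    r"(?P<qid>[0-9A-F]+): client=(?P<client>\S+), .*sasl_username=(?P<user>\S+)"
)

def parse(line, year=2018):
    """Return (timestamp, sasl_username, client) or None for unrelated lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # Classic syslog timestamps carry no year, so one is supplied (assumption).
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["user"], m["client"]

def flag_bursts(lines, limit=5, window=timedelta(seconds=60)):
    """Map each account that exceeded `limit` messages per window to its peak count."""
    recent = defaultdict(deque)   # account -> timestamps inside the window
    peaks = {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ts, user, _client = rec
        q = recent[user]
        q.append(ts)
        while ts - q[0] > window:  # drop entries older than the window
            q.popleft()
        if len(q) > limit:
            peaks[user] = max(peaks.get(user, 0), len(q))
    return peaks

# Constructed sample: the web server's account sends 8 messages in 14 seconds,
# a human user's account sends 2 messages 15 minutes apart.
SAMPLE = [
    f"Jan 15 21:00:{s:02d} mx postfix/submission/smtpd[811]: 4A{s:02d}F: "
    "client=web01.example.org[192.0.2.10], sasl_method=PLAIN, "
    "sasl_username=webapp@example.org"
    for s in range(0, 16, 2)
] + [
    f"Jan 15 21:{m:02d}:00 mx postfix/submission/smtpd[812]: 5B{m:02d}C: "
    "client=laptop.example.org[192.0.2.55], sasl_method=PLAIN, "
    "sasl_username=alice@example.org"
    for m in (5, 20)
]

if __name__ == "__main__":
    for user, peak in flag_bursts(SAMPLE).items():
        print(f"{user}: {peak} messages within 60s, review or suspend this account")
```

A per-account signal like this only works if the web application has a dedicated SASL account, which also lets the admin disable that one account without touching other users.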

