On 01/15/18 22:30, Henning Follmann wrote: > On Mon, Jan 15, 2018 at 08:56:20PM +0100, Jonathan Sélea wrote: >>>> I would not recommend having a emailserver on the same server as a >>>> website, because if the website is compromised the "hacker" can just use >>>> the mail() function >>>> to send emails in your name. >>> so can she/he if the mailserver is on a different host. That doesn't make >>> any difference. >> It would, because other mailservers would deny emails from that one >> because it would fail authentication (SPF, DKIM, DMARC for example). >> > Your webserver having a method to use a smarthost, using an external > mailserver can be abused when compromised. So no win here. Still exploited > once the attacker is on the system. It will just use the same smarthost > with the webservers credentials and the mailserver will happily relay the > spam. > > -H If configured properly - the hacker can't change how the server do the transport, except if the hacker has gained the privileges to do so. But that is not that common if a LAMP server for example if properly configured. But if a hacker has found an exploit where he can change the transport settings for the MTA. I am talking about the default mail() function that is used by many websites. But you are talking about a server where a hacker has gained root privileges - in that case there is not much to do.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature