I'm a bit lost with the PHP/Sendmail configuration, maybe somebody could help me getting back on the right track.
* accepts smtp on port 25 but from his own domains. Some policy and spamchecks through amavisd are made.
* accepts submission on port 587 and 465 from authenticated users only. Quota and spamchecks prevent outgoing spam.
So I'm enforcing a very strong outgoing spam-policy but the users are still able to use the php mail() function to send spam through the /usr/sbin/sendmail command.
My users have access to their own php.ini so my idea was to somehow enforce the delivery through the local postfix on port 587 or 465 and just let them enter their user/pass in their php.ini. (I suppose, their might be a cleaner-solution
Unfortunately, my configurations like smtp_host, port, user etc. are getting ignored if the sendmail_path line is active. But if I comment this line out, php just uses the default, which is the same as configured in the sendmail_path line - so it's active whether i use the line or not (setting it to an invalid command breaks the mail() function completely).
So my question is basically: how can I enforce my anti-spam policy on the php mail() command?
For my ssh users I just blocked the outgoing connection to localhost on port 25 which seems to work so far, but somehow the postfix-sendmail-wrapper just ignores this.
I appreciate any suggestions and hints.
Thank you in advance.