#33400 Block email sending apart from recognised sources

Posted in ‘Admin Tools for Joomla! 4 & 5’
Latest post by nicholas on Thursday, 16 July 2020 09:59 CDT

dunwin

We have had a problem where hackers have accessed our mail function. Is there an Admin Tools option/function to only allow certain components (i.e. AcyMailing) to send out emails via the PHP mail function and block everything else?

Sorry if the question sounds silly, I am not a security expert.

Kind regards

David

 David Unwin - London UK

nicholas
Akeeba Staff
Manager

No, this is not something you can do from the PHP side of things. The idea is that the attacker will simply bypass Joomla's email sending and will use PHP's built-in mail() function directly. This function cannot be limited by other PHP code, therefore you cannot do what you are trying to do.

What you can probably do is a bit different. First, configure Joomla to use SMTP to send emails through your hosting provider. This uses the built-in PHPMailer library to connect to your mail server using SMTP, which is a few milliseconds slower but safer, since it requires authentication. Then ask your hosting provider to disable the built-in PHP mail() function. This will prevent most unauthorised scripts from sending out emails.

Of course the best solution is to avoid being hacked in the first place. Still, what I described is a good way to block most ways a hacked site can send emails which is a decent last line of defence.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
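
One way to check that both steps from the reply above are in place, as an added example that is not part of the ticket and is not Akeeba or Joomla code. It assumes the standard Joomla `configuration.php` properties (`mailer`, `smtpauth`, `smtphost`, `smtpuser`); the function name `auditMailLockdown` and the sample values are hypothetical.

```php
<?php
// Added example. CLI and web PHP can load different php.ini files, so
// confirm the disable_functions result for the web SAPI as well.

/** Returns findings; an empty array means both mitigations are in place. */
function auditMailLockdown(object $config, string $disableFunctions, bool $mailExists): array
{
    $findings = [];

    // Step 1 of the reply: Joomla sends through an authenticated SMTP server.
    $mailer = $config->mailer ?? 'unset';
    if ($mailer !== 'smtp') {
        $findings[] = "Joomla mailer is '$mailer', expected 'smtp'";
    }
    if (empty($config->smtpauth)) { // '0', 0 and false all mean "off"
        $findings[] = 'SMTP authentication is disabled';
    }
    if (empty($config->smtphost) || empty($config->smtpuser)) {
        $findings[] = 'SMTP host or user is not set';
    }

    // Step 2 of the reply: the host has disabled PHP's mail() function.
    $disabled = array_map('trim', explode(',', strtolower($disableFunctions)));
    if (!in_array('mail', $disabled, true)) {
        $findings[] = 'mail is not listed in disable_functions';
    }
    if ($mailExists) {
        $findings[] = 'mail() is still callable by any script on this site';
    }

    return $findings;
}

// With a path argument, audit that Joomla configuration.php (it defines JConfig).
// Without one, audit a constructed sample that models an unhardened site.
if (isset($argv[1])) {
    require $argv[1];
    $config = new JConfig();
} else {
    $config = (object) ['mailer' => 'mail', 'smtpauth' => '0', 'smtphost' => 'localhost', 'smtpuser' => ''];
}

$findings = auditMailLockdown($config, (string) ini_get('disable_functions'), function_exists('mail'));
foreach ($findings as $finding) {
    echo "[!] $finding\n";
}
exit($findings ? 1 : 0);
```

A non-zero exit status means at least one of the two steps is missing, which makes the script usable as a scheduled check after hosting or PHP upgrades.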
