disable_functions in php.ini for webmail

Support/Development for PHP
BruceLee
Forum Regular
Posts: 879
Joined: Sat Mar 28, 2009 6:58 pm
Location: Germany

Re: disable_functions in php.ini for webmail

Thanks. I will give it a try this weekend and set this in the conf file:

$conf['mailer']['type'] = 'smtp';
$conf['mailer']['params']['host'] = 'localhost';
$conf['mailer']['params']['port'] = 587;
$conf['mailer']['params']['auth'] = true;

If that still doesn't work I will also try setting port 587 in /etc/psa-webmail/horde/imp/servers.php
breun
Long Time Forum Regular
Posts: 2813
Joined: Sat Aug 20, 2005 9:30 am
Location: The Netherlands

Re: disable_functions in php.ini for webmail

I remember setting the port like that didn't work, because in another Horde file it was just set to 25 again. Also, I believe you'll need to specify the credentials for authentication via the Submission port, or should Horde just re-use the credentials used to log in to Horde if you configure it like that?
Lemonbit Internet Dedicated Server Management
BruceLee
Forum Regular
Posts: 879
Joined: Sat Mar 28, 2009 6:58 pm
Location: Germany

Re: disable_functions in php.ini for webmail

I believe that it switched back to 25 because of the port spec in the config file under /etc/psa-webmail/horde/imp/servers.php.
Yes, I think that option will force it to use the credentials the user is logged into Horde with and auth with them.
But I'm not sure, so I will have to test it.
BruceLee
Forum Regular
Posts: 879
Joined: Sat Mar 28, 2009 6:58 pm
Location: Germany

Re: disable_functions in php.ini for webmail

Tested and works fine. No more errors due to greylisting, and it sends email, so auth is working.
flymo
Forum User
Posts: 34
Joined: Thu May 20, 2010 5:19 pm

Re: disable_functions in php.ini for webmail - resolved

Hello Folks
Newbie with failing email.

I have tried Breun's solution and shut off greylist - but email still failing.

Works ok when popen and escapeshellcmd are enabled - but these are not supposed to be "safe"

Any help in solving would be appreciated.

Thanks
John

I edited the php.ini file which lists the offending functions - seems fine now
flymo
Forum User
Posts: 34
Joined: Thu May 20, 2010 5:19 pm

Re: disable_functions in php.ini for webmail

Hi Folks
It's all down again.

Getting a malware warning

"Atomicorp.com WAF Rules: Possible malware attack: Generic Attempt to run malware"

I tried to attach a copy of the ASL report. All file types failed - looks like a Horde issue

--0fdf3967-A--
[04/Jun/2010:16:12:58 --0400] 8wZp2ErQb4EAABAwNM0AAAAC 80.226.241.158 40017 74.208.111.129 80
 
--0fdf3967-B--
GET /horde/admin/cmdshell.php HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-ms-application, application/vnd.ms-xpsdocument, application/xaml+xml, application/x-ms-xbap, application/x-shockwave-flash, */*
Referer: http://74.208.xxx.xxx/horde/services/portal/sidebar.php
Accept-Language: en-us
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SIMBAR={5D7737AD-CBE5-4C8E-9462-A73592DCAFA0}; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.30618; .NET CLR 3.5.30729)
Cookie: Horde=ks1iuefqjkoa06nrkh55hkanm7; auth_key=28325484d3fe96d732809829fe020fb7; horde_menu_expanded=expadministration
Host: 74.208.xxx.xxx
Cache-Control: max-age=43200
Connection: keep-alive
 
--0fdf3967-F--
HTTP/1.1 403 Forbidden
Last-Modified: Sat, 23 Feb 2008 18:17:16 GMT
ETag: "183151b1-3c0-446d7593e2300"
Accept-Ranges: bytes
Content-Length: 960
Connection: close
Content-Type: text/html
 
--0fdf3967-H--
Message: [file "/etc/httpd/modsecurity.d/50_asl_rootkits.conf"] [line "60"] [id "390148"] [rev "16"] [msg "Atomicorp.com WAF Rules: Possible malware attack: Generic Attempt to run malware"] [data "/cmdshell.php"] [severity "CRITICAL"] Access denied with code 403 (phase 2). Pattern match "/(?:(?:linuxdaybot|suntzu|shell_vup|l_backuptoster|(?:php|sql|cmd)?shell|(?:o|0|p)wn(?:e|3)d|xpl|ssh2?|too20|backdoor|terminatorx-?exp)\.(?:dat|gif|jpe?g|png|sh|txt|bmp|dat|txt|js|s?html?|tmp|php(?:3|4|5)?|asp)|(?:r57|fx29|c(?:99|100)\.(?:txt|php))|/(? ..." at REQUEST_URI.
Action: Intercepted (phase 2)
Stopwatch: 1275682378639832 137583 (116119 118399 -)
Producer: ModSecurity for Apache/2.5.12 (http://www.modsecurity.org/); 201006031910.
Server: Apache/2.2.8 (CentOS)
 
--0fdf3967-Z--

Not sure if they are related, but would be interested in any advice.
Thanks
John
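
An audit-log entry like the one quoted above is split into lettered sections (A header, B request headers, F response headers, H trailer, Z end marker), and triage is easier once those are reduced to a few fields. The following is an added example, not part of any post in this thread: the sample entry is constructed with placeholder addresses and IDs, and `parse_audit_log` and `summarize` are hypothetical helper names.

```python
import re

# Constructed sample in ModSecurity's serial audit-log layout; IPs, IDs and host are placeholders.
SAMPLE = """\
--a1b2c3d4-A--
[04/Jun/2010:16:12:58 -0400] PLACEHOLDERUNIQUEID00001 192.0.2.10 40017 198.51.100.20 80
--a1b2c3d4-B--
GET /horde/admin/cmdshell.php HTTP/1.1
Referer: http://webmail.example.test/horde/services/portal/sidebar.php
--a1b2c3d4-F--
HTTP/1.1 403 Forbidden
--a1b2c3d4-H--
Message: [file "/etc/httpd/modsecurity.d/50_asl_rootkits.conf"] [line "60"] [id "390148"] [msg "Atomicorp.com WAF Rules: Possible malware attack: Generic Attempt to run malware"] [data "/cmdshell.php"] [severity "CRITICAL"] Access denied with code 403 (phase 2).
Action: Intercepted (phase 2)
--a1b2c3d4-Z--
"""

BOUNDARY = re.compile(r"^--([0-9a-fA-F]+)-([A-Z])--$")
TAG = re.compile(r'\[(\w+) "([^"]*)"\]')

def parse_audit_log(text):  # -> list of {section letter: [lines]}, one dict per transaction
    done, tx, part = [], None, None
    for line in map(str.strip, text.splitlines()):
        m = BOUNDARY.match(line)
        if m and m.group(2) == "A":      # A opens a transaction (an unclosed one is dropped)
            tx = {}
        if m and m.group(2) == "Z":      # Z closes it
            if tx is not None:
                done.append(tx)
            tx = part = None
        elif m:                          # any other letter starts a new section
            part = tx.setdefault(m.group(2), []) if tx is not None else None
        elif line and part is not None:
            part.append(line)
    return done

def summarize(tx):  # -> triage fields for one parsed transaction
    first = lambda k: (tx.get(k) or [""])[0]
    a = re.match(r"\[(.+?)\] (\S+) (\S+) (\d+) (\S+) (\d+)", first("A"))
    headers = dict(h.split(": ", 1) for h in tx.get("B", [])[1:] if ": " in h)
    alerts = [dict(TAG.findall(l)) for l in tx.get("H", []) if l.startswith("Message:")]
    return {
        "client": a.group(3) if a else None,
        "request": first("B"),
        "referer": headers.get("Referer"),
        "status": first("F").split(" ")[1] if " " in first("F") else None,
        "blocked": any(l.startswith("Action: Intercepted") for l in tx.get("H", [])),
        "rules": [(x.get("id"), x.get("severity"), x.get("data")) for x in alerts],
    }
```

The referer and the matched `data` value are the fields to compare when deciding whether a hit came from a page inside the application or from an outside probe.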
flymo
Forum User
Posts: 34
Joined: Thu May 20, 2010 5:19 pm

Re: disable_functions in php.ini for webmail

Hi Folks
I have tried the various methods mentioned and still have an email issue.
Having spoken with Support and clearing most of my concerns that my system had been compromised (thanks), it may be an issue with smtp and squirrelmail.

If anyone has any experience in resolving this I would appreciate some pointers, in the meantime I have had to enable popen to allow email traffic.

Thanks
John
breun
Long Time Forum Regular
Posts: 2813
Joined: Sat Aug 20, 2005 9:30 am
Location: The Netherlands

Re: disable_functions in php.ini for webmail

I believe escapeshellcmd needs to be enabled (it's not a security vulnerability to have it enabled as far as I'm concerned).

All you should need to change is setting $conf['mailer']['type'] = 'smtp'; in /etc/psa-webmail/horde/horde/conf.php. You can add $conf['mailer']['params']['auth'] = true; if localhost is not whitelisted for your MTA (it is by default I believe).

Beware that Plesk updates overwrite your changes to Horde's conf.php.
Lemonbit Internet Dedicated Server Management
flymo
Forum User
Posts: 34
Joined: Thu May 20, 2010 5:19 pm

Re: disable_functions in php.ini for webmail

Hello breun

I have those settings and still have the problem - I can't send email via those accounts with popen disabled.

I am most concerned about the popen function as it seems to be the highest risk and I don't want to leave the server open to attack.

I will make a copy of the conf file so I can remember all edits, thanks for the tip.

Regards
John
BruceLee
Forum Regular
Posts: 879
Joined: Sat Mar 28, 2009 6:58 pm
Location: Germany

Re: disable_functions in php.ini for webmail

When you make those changes you will be able to use Horde webmail.
It does not affect Squirrelmail.
breun
Long Time Forum Regular
Posts: 2813
Joined: Sat Aug 20, 2005 9:30 am
Location: The Netherlands

Re: disable_functions in php.ini for webmail

Yes, that change to the Horde config file only affects Horde of course. You can also configure Squirrelmail to use SMTP though.
Lemonbit Internet Dedicated Server Management
flymo
Forum User
Posts: 34
Joined: Thu May 20, 2010 5:19 pm

Re: disable_functions in php.ini for webmail - resolved

Thanks got to it just before you posted... :)

All seems to be good and send/receive now working fine....popen disabled.. :D

Thanks for the help and advice
John
lfenison
Forum User
Posts: 29
Joined: Mon Jun 14, 2010 8:39 pm

Re: disable_functions in php.ini for webmail

I don't know what I am doing wrong but for me, it still fails after making only the changes to the conf.php file.

I tried installing php-suhosin, but yum couldn't find it in the repository. But since many have had success without it, I decided to try modifying the conf.php file. It still fails when ALLOW_exec and ALLOW_popen are set to "no".

// $conf['mailer']['params']['sendmail_path'] = '/usr/sbin/sendmail';
// $conf['mailer']['params']['sendmail_args'] = '-oi';
$conf['mailer']['type'] = 'smtp';
$conf['mailer']['params']['host'] = 'localhost';
$conf['mailer']['params']['port'] = 587;
$conf['mailer']['params']['auth'] = true;

I am running Plesk 9.5.2 on CentOS
mikeshinn
Atomicorp Staff - Site Admin
Posts: 4155
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: disable_functions in php.ini for webmail

Port 587 is authenticated SMTP, do you have webmail set up to use authenticated SMTP? Also, if you do not have Submission enabled in Plesk, port 587 will not be available.
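
The settings discussed across this thread (popen in disable_functions, Horde's mailer type, port 587 and the auth flag) can be checked against each other before a change goes live. The following is an added example, not code from any poster, Horde or Plesk: it assumes, as the posts above report, that Horde only sends mail with popen disabled when the mailer type is smtp and that port 587 expects authentication. The inputs are constructed and the function names are hypothetical.

```python
import re

# Constructed inputs modelled on the settings quoted in this thread.
PHP_INI = """\
; hardening applied by the admin (constructed sample)
disable_functions = exec, popen, passthru
"""
CONF_PHP = """\
// $conf['mailer']['params']['sendmail_path'] = '/usr/sbin/sendmail';
$conf['mailer']['type'] = 'smtp';
$conf['mailer']['params']['host'] = 'localhost';
$conf['mailer']['params']['port'] = 587;
"""

ASSIGN = re.compile(r"^\s*\$conf\['mailer'\]((?:\['\w+'\])+)\s*=\s*(.+?);\s*$")

def disabled_functions(ini_text):
    """Return the set named by the last active disable_functions line."""
    found = set()
    for line in ini_text.splitlines():
        m = re.match(r"\s*disable_functions\s*=\s*(.*)", line)  # ';' comments never match
        if m:
            found = {f.strip(' "') for f in m.group(1).split(",") if f.strip(' "')}
    return found

def mailer_settings(conf_text):
    """Collect active $conf['mailer'][...] assignments; '//' lines are skipped."""
    settings = {}
    for line in conf_text.splitlines():
        m = ASSIGN.match(line)
        if m:
            key = ".".join(re.findall(r"\['(\w+)'\]", m.group(1)))
            settings[key] = m.group(2).strip("'\"")
    return settings

def check(ini_text, conf_text):
    """Findings that follow from the advice given in the thread (assumptions, see lead-in)."""
    off, s = disabled_functions(ini_text), mailer_settings(conf_text)
    findings = []
    if "popen" not in off:
        findings.append("popen is still enabled")
    elif s.get("type") != "smtp":
        findings.append("popen is disabled but the mailer type is not smtp")
    if s.get("type") == "smtp" and s.get("params.port") == "587" and s.get("params.auth") != "true":
        findings.append("port 587 expects authenticated SMTP but params.auth is not true")
    return findings
```

Because Plesk updates overwrite Horde's conf.php, as noted earlier in the thread, a check like this is worth re-running after each update.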
lfenison
Forum User
Posts: 29
Joined: Mon Jun 14, 2010 8:39 pm

Re: disable_functions in php.ini for webmail

mikeshinn wrote: Port 587 is authenticated SMTP, do you have webmail set up to use authenticated SMTP? Also, if you do not have Submission enabled in Plesk, port 587 will not be available.
The emails send just fine as long as I enable popen and exec so the SMTP is working ok.