Re: disable_functions in php.ini for webmail
Posted: Tue Jun 15, 2010 6:55 pm
SMTP doesn't need either of those functions, so it doesn't sound like your webmail program is set to use SMTP.
mikeshinn wrote: SMTP doesn't need either of those functions, so it doesn't sound like your webmail program is set to use SMTP.
My webmail is Horde on Plesk and I made these changes. What else needs to be done to use SMTP so I can turn off popen and exec?
Code:
$conf['mailer']['type'] = 'smtp';
$conf['mailer']['params']['host'] = 'localhost';
$conf['mailer']['params']['port'] = 587;
$conf['mailer']['params']['auth'] = true;
lfenison wrote: The emails send just fine as long as I enable popen and exec so the SMTP is working ok.
The point is that for security you'll likely want to disable PHP popen and exec because they can be used to execute arbitrary commands. SMTP doesn't need either of those, so reconfiguring your webmail clients to use SMTP instead of sendmail (which is used via popen/exec) allows you to disable popen and exec and have a more secure system.
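One way to check the end state described above, as an added example that is not part of the thread or of Horde's own code: it takes the mailer settings posted earlier and a disable_functions value and reports what still stands between the host and turning off popen and exec. The function names and the sample php.ini values are assumptions made for illustration.

```php
<?php
// Added example (not from the thread). Function names are hypothetical.

/** Turn a disable_functions value such as "popen, exec" into a lookup set. */
function disabledSet(string $iniValue): array
{
    // PHP function names are case-insensitive, so compare in lowercase.
    $names = array_filter(array_map('trim', explode(',', strtolower($iniValue))), 'strlen');
    return array_fill_keys($names, true);
}

/** Return findings; an empty list means SMTP is configured and both functions are off. */
function auditMailer(array $conf, string $disableFunctions): array
{
    $findings = [];
    $disabled = disabledSet($disableFunctions);
    $mailer   = $conf['mailer'] ?? [];
    $type     = strtolower((string)($mailer['type'] ?? ''));

    if ($type !== 'smtp') {
        // Per the thread, the sendmail path is the one that goes through popen/exec.
        $findings[] = "mailer type is '" . $type . "', not 'smtp': sending may still need popen/exec";
    } else {
        foreach (['host', 'port'] as $key) {
            if (empty($mailer['params'][$key])) {
                $findings[] = "smtp selected but params['$key'] is not set";
            }
        }
    }
    foreach (['popen', 'exec'] as $fn) {
        if (!isset($disabled[$fn])) {
            $findings[] = "$fn is not listed in disable_functions";
        }
    }
    return $findings;
}

// Constructed sample: the mailer settings posted in the thread.
$conf = ['mailer' => ['type' => 'smtp',
    'params' => ['host' => 'localhost', 'port' => 587, 'auth' => true]]];

// Constructed php.ini values: one before and one after hardening.
foreach (['show_source', 'show_source, popen, exec'] as $ini) {
    $findings = auditMailer($conf, $ini);
    echo "disable_functions = \"$ini\"\n";
    echo $findings ? '  - ' . implode("\n  - ", $findings) . "\n" : "  OK\n";
}
// On a live host, pass ini_get('disable_functions') and the $conf the webmail actually loads.
```

If mail stops sending once both functions are listed while the audit reports no findings for the file you edited, the webmail is most likely reading its mailer settings from somewhere else.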