Hello ;
Should be easy to add. I'll see if I can that in 1.2.12.
I strongly recommend so that mail function can be disabled from the Php-editor section for each domain (adding a "mail" button in the "Value for the disable_functions directive").
I encounter may websites with poor security that are spamming via php. The only option to stop them, as an server administrator without cutting the whole account, was to manualy edit the php setting by adding mail to disabled function. Unfortunately this is overwritten on the next update or by other reason.
Thanks!
Hi! How do you do it manually? I've the same problem.
Are you serious?
Well just edit the php.ini files or pool file, according the httpd server implementation you use. You must just add the mail function to list of disabled functions (disable_functions directive).
Once done, you must restart either Apache or the FPM instance, according the httpd server implementation you use.
Thanks! What do you mean?
Hello ;
Should be easy to add. I'll see if I can that in 1.2.12.
Will this feature be implemented on a domain-basis or on a global (server) basis, it would be useful to do both.
Maybe it's possible to allow/deny specific functions for specific domains. Some default values, but maybe add a field so admins/resellers can add/remove features themselves.
Well, It will be implemented on a per domain-basis. In version 1.2.12, the PHP editor will really act on a per-domain basis, depending on the PHP configuration level that has been choosen by the administrator (per_user, per_domain or per_site). See the http://youtrack.i-mscp.net/issue/IP-582 ; please don't pollute this issue with your feature requests 
Right now, the PHP editor don't provide way for acting globally for already created accounts... I'll change that in serie 1.3.x (according time constraints).
For the custom PHP directives, this feature is planned for the serie 2. However, from my point of view,resellers shouldn't have control over that, or if so, We must allow the administrator to deny some PHP directives.
I may would also add a possibility that only the reseller can enable/disable the mail()-function, but not the customer itself. The reason is simple:
In order, I'll do as follow:
Admin side
Administrator can enable or disable mail function for the reseller.
Reseller side
If enabled for him by the administrator, the reseller can enable or disable the mail function for his customers
Customer side
If enabled for him by the reseller, customer can enable or disable the mail function.
This is the most simple solution with current PHP Editor implementation (cascading permissions).
Now, what about smtp related functions? From my point of view, we should do same for them. Why? Because SMTP restrictions in postfix main.cf permit local network without further check. This means that any mail sent from PHP using SMTP will be allowed without any authentication.
From my point of view, we should be able to totally disable the mail feature for a specific customer. We could just force SASL authentication by moving up the permit_sasl_authenticated SMTP restrictions but I must test for possible side effects.
