方案1: 停用並禁用 MTA 服務 (主流的postfix, sendmail, exim4)
sudo systemctl stop postfix
sudo systemctl disable postfix
sudo systemctl mask postfix
sudo systemctl stop sendmail
sudo systemctl disable sendmail
sudo systemctl mask sendmail
sudo systemctl stop exim4
sudo systemctl disable exim4
sudo systemctl mask exim4方案2: 移除MTA 服務 (主流的postfix, sendmail, exim4)
sudo apt remove --purge postfix sendmail exim4
或
sudo yum remove --purge postfix sendmail exim4
或
sudo dnf remove postfix sendmail exim4
方案3: 使用 iptables 或 nftables 或 ufw 阻擋發信
使用iptables
sudo iptables -A OUTPUT -p tcp --dport 25 -j REJECT
sudo iptables -A OUTPUT -p tcp --dport 465 -j REJECT
sudo iptables -A OUTPUT -p tcp --dport 587 -j REJECT
使用nftables
sudo nft add rule ip filter output tcp dport {25, 465, 587} drop
sudo nft list ruleset > /etc/nftables.conf
使用ufw
sudo ufw default allow outgoing (這是預設默認全部允許對外連線)
sudo ufw deny out to any port 25 proto tcp
sudo ufw deny out to any port 465 proto tcp
sudo ufw deny out to any port 587 proto tcp
sudo ufw enable
sudo ufw reload
其他: php.ini
即使沒有 MTA,最好還是修改 php.ini 來確保 mail() 無法使用:
sudo nano /etc/php/8.3/cli/php.ini
sudo nano /etc/php/8.3/fpm/php.ini
找到 sendmail_path,並修改為 /bin/true
sendmail_path = "/bin/true"
完成後記得 sudo systemctl restart php8.3-fpm