The PHP mail() function is often used for sending emails directly from a server. However, when misused, it can lead to security vulnerabilities, including spam or infected emails being sent from your server.
To mitigate this risk, you can disable the PHP mail() function in CWP (Control WebPanel). Doing so forces users to utilize SMTP-based email systems, which are more secure and provide better control over email quotas, such as hourly sending limits.
Why Disable PHP’s mail() Function?
- Prevent Spam: Reduces the likelihood of malicious or spam emails originating from your server.
- Enhanced Security: SMTP requires authentication, making it harder for unauthorized users to exploit your server to send mail.
- Quota Control: SMTP allows for more precise control of email limits, ensuring that no single user overwhelms your system.
Steps to Disable the mail() Function
To completely disable the mail() function in PHP when using CWP, follow these steps:
1. PHP Switcher
CWP provides a built-in tool called the PHP Switcher, which allows you to modify PHP settings across different versions. You can disable the mail() function by adding it to the list of disabled functions in the PHP configuration.
echo "disable_functions = mail" > /usr/local/php/php.d/disabled_function.ini
2. PHP-CGI Selector
echo "disable_functions = mail" > /opt/alt/php53/usr/php/php.d/disabled_function.ini
echo "disable_functions = mail" > /opt/alt/php54/usr/php/php.d/disabled_function.ini
echo "disable_functions = mail" > /opt/alt/php55/usr/php/php.d/disabled_function.ini
echo "disable_functions = mail" > /opt/alt/php56/usr/php/php.d/disabled_function.ini
echo "disable_functions = mail" > /opt/alt/php70/usr/php/php.d/disabled_function.ini
echo "disable_functions = mail" > /opt/alt/php71/usr/php/php.d/disabled_function.ini
echo "disable_functions = mail" > /opt/alt/php72/usr/php/php.d/disabled_function.ini
echo "disable_functions = mail" > /opt/alt/php73/usr/php/php.d/disabled_function.ini
echo "disable_functions = mail" > /opt/alt/php74/usr/php/php.d/disabled_function.ini
echo "disable_functions = mail" > /opt/alt/php80/usr/php/php.d/disabled_function.ini
3. PHP-FPM Selector
echo "disable_functions = mail" > /opt/alt/php-fpm53/usr/php/php.d/disabled_function.ini && service php-fpm53 restart
echo "disable_functions = mail" > /opt/alt/php-fpm54/usr/php/php.d/disabled_function.ini && service php-fpm54 restart
echo "disable_functions = mail" > /opt/alt/php-fpm55/usr/php/php.d/disabled_function.ini && service php-fpm55 restart
echo "disable_functions = mail" > /opt/alt/php-fpm56/usr/php/php.d/disabled_function.ini && service php-fpm56 restart
echo "disable_functions = mail" > /opt/alt/php-fpm70/usr/php/php.d/disabled_function.ini && service php-fpm70 restart
echo "disable_functions = mail" > /opt/alt/php-fpm71/usr/php/php.d/disabled_function.ini && service php-fpm71 restart
echo "disable_functions = mail" > /opt/alt/php-fpm72/usr/php/php.d/disabled_function.ini && service php-fpm72 restart
echo "disable_functions = mail" > /opt/alt/php-fpm73/usr/php/php.d/disabled_function.ini && service php-fpm73 restart
echo "disable_functions = mail" > /opt/alt/php-fpm74/usr/php/php.d/disabled_function.ini && service php-fpm74 restart
echo "disable_functions = mail" > /opt/alt/php-fpm80/usr/php/php.d/disabled_function.ini && service php-fpm80 restart
4. PHP Configuration File
Locate the disable_functions directive within the PHP configuration file. Add mail to the list of disabled functions:
disable_functions = mail
Save the file and exit the editor.
Restart the Web Server
After updating the PHP configuration, restart your web server to apply the changes. Run the appropriate command for your server type:
# For Apache
service httpd restart
# For Nginx
service nginx restart
Verification
To ensure the mail() function is disabled, you can create a simple PHP script to test its functionality:
<?php
// function_exists() returns false for functions listed in disable_functions.
if (function_exists('mail')) {
    echo "The mail() function is enabled.";
} else {
    echo "The mail() function is disabled.";
}
?>
Place this script in your web directory, access it via a browser, and confirm that the mail() function is disabled.
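The browser test above only covers the PHP version serving that one site. As an added example (not part of the original article or of CWP), the following shell script checks the disabled_function.ini file of every PHP build under the paths used in the steps above. The function names and the AUDIT_ROOT variable are hypothetical, and the script assumes that when a file contains several disable_functions lines, the last one takes effect.

```sh
#!/bin/sh
# Added example: audit the disabled_function.ini files written in the steps above.

# Print the value of the last active disable_functions line in an ini file.
# Lines commented out with ';' and trailing ';' comments are ignored.
effective_disable_functions() {
    sed -n -e 's/[[:space:]]*;.*$//' \
        -e 's/^[[:space:]]*disable_functions[[:space:]]*=[[:space:]]*//p' "$1" \
        | tail -n 1 | tr -d '"'
}

# Succeed only if "mail" is a whole entry of that comma-separated list,
# so an entry such as mb_send_mail does not count as a match.
mail_is_disabled() {
    [ -r "$1" ] || return 1
    effective_disable_functions "$1" | tr ',' '\n' | tr -d ' \t\r' \
        | grep -x 'mail' >/dev/null
}

# Walk the php.d directories used on this page. The optional argument is a
# hypothetical root prefix, useful for auditing a backup or a test tree.
# Returns the number of installed builds where mail() is not disabled.
audit_mail_disabled() {
    root="${1:-}"
    open=0
    for dir in "$root"/usr/local/php/php.d "$root"/opt/alt/php*/usr/php/php.d; do
        [ -d "$dir" ] || continue   # build not installed, or glob matched nothing
        if mail_is_disabled "$dir/disabled_function.ini"; then
            echo "OK    $dir"
        else
            echo "OPEN  $dir"
            open=$((open + 1))
        fi
    done
    return "$open"
}

# AUDIT_ROOT is a hypothetical variable; leave it unset to audit the live system.
audit_mail_disabled "${AUDIT_ROOT:-}" || echo "$? PHP build(s) still allow mail()"
```

This reads the files on disk only; a build reported as OK still needs the restart described above before the running PHP processes pick up the setting.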
By disabling the mail() function, you enhance your server’s security and encourage the use of robust email-sending methods. This simple yet effective step can help prevent abuse and ensure your system operates efficiently.