Troy Engel wrote: > Marc Perkel wrote: > >>I'm trying to prevent hackers who might get in from being able to send >>email if they manage to hack me. I want it so that unless they are >>specific users that they have no rights to connect to port 25 or run exim. > > > Does this machine receive email? If not, then the solution is simple: > > 1) decide on a smarthost (another machine) to accept mail from this > IP/machine (ie relay). This machine could run Exim in normal mode. > > 2) configure Apache and Exim sending to use that smarthost, and only > allow root or apache to use Exim. However, I would recommend using > something like 'msmtp' instead of Exim to provide outgoing mail only. > (http://msmtp.sourceforge.net/) and not listen on port 25, it's not needed.
No help. IF the box itself has been compromised, the perp has shell access. With that, Exim is not needed - they can install and run theior own smtp. > > 3) use iptables to block any outgoing SMTP (ports 25, 465, 587) to any > machine other than the smarthost you decided on above. (see > http://oceanpark.com/notes/firewall_example.html) > Not 100% useful. MTA's *listen* (for other mx) on port 25. They ordinarily *send* on random ports well above 1024. > Of course, if you need to receive mail on this machine then life is that > much more complicated, but still using a smarthost and iptables together > is your best chance at success. However, a hacker would most likely run > the receiving SMTP server on an unusual port, so you might have to use a > more hardcore iptables setup (ie disallow all outbound traffic instead > of what's needed). That last part is the hardest. Even IF one can configure the MTA to use a specific outbound port and close all others, it will relinquish that port between sending sessions. At that point, some other process has a chance of grabbing it and using it. Further, it is generally a safe assumption that any entity clever/patient enough to crack a shell account, can and will, escalate privileges, eventually to 'root'.. To be 'certain', the box has to be constructed in such a way that even 'root' cannot add/alter authorized users, nor alter the config file, nor invoke other daemons ('coz there are no HDD, utilities, nor coms channels - only PROM). That spells state machine, and physically swapped PROMs, not in-place reprogrammable ones. And/or 'non-UNIX/Linux' - i.e. a single-user/process hardware device of another sort. As in an OS/2 cash-till/Automated Teller Machine - which doesn't even have command shell or GP UI in the conventional sense - just button-scan and canned graphics. Bill > > hth, > -te > -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
