Mistake below: instead of chown exim:exim_senders /usr/sbin/exim*, it should be chgrp exim_Senders /usr/sbin/exim*
Sorry --- "L. Jason Godsey" <[EMAIL PROTECTED]> wrote: > > Use netfilter (for linux or pf on OpenBSD etc..) to lock port 25 to > those users. > > Then use something like selinux to lock access to the exim binaries, > or > if you don't want to use selinux.. use ACL. > > for example: > chmod og= /usr/sbin/exim* > > setfacl -m user:rx:www /usr/sbin/exim* > setfacl -m user:rx:exim /usr/sbin/exim* (may be redundant, not sure.) > > or, add users who are able to send email to exim_senders group > chown exim:exim_senders /usr/sbin/exim* > > I'm sure there are more ways, but really, why would you have any > accounts on your system in the first place? > > I think your time would be better spent using proper firewalls and > public key authentication to lock down access to your machine. > > Also, maybe look into Linux w/ Xen, FreeBSD Jails, or even Solaris > Zones. > > --- Marc Perkel <[EMAIL PROTECTED]> wrote: > > > > > > > Tony Finch wrote: > > > On Tue, 13 Jun 2006, Marc Perkel wrote: > > > > > >> Thanks but I don't think that's going to work as the localpart > can > > be > > >> anything, and not related to the user ID. What I'm looking for > is > > to > > >> prohibit local users from sending email. > > >> > > > > > > It's checking $authenticated_id not $local_part. The > > match_local_part > > > clause is a red herring. In any case, if your users have shell > > access they > > > can use software other than Exim to send email, so this check is > > probably > > > pointless. > > > > > > Tony. > > > > > > > I'm trying to prevent hackers who might get in from being able to > > send > > email if they manage to hack me. I want it so that unless they are > > specific users that they have no rights to connect to port 25 or > run > > exim. > > > > -- > > ## List details at http://www.exim.org/mailman/listinfo/exim-users > > ## Exim details at http://www.exim.org/ > > ## Please use the Wiki with this list - > http://www.exim.org/eximwiki/ > > > > > -- > ## List details at http://www.exim.org/mailman/listinfo/exim-users > ## Exim details at http://www.exim.org/ > ## Please use the Wiki with this list - http://www.exim.org/eximwiki/ > -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
