L. Jason Godsey wrote: *trim*
>>
>>Not 100% useful. MTA's *listen* (for other mx) on port 25. They
>>ordinarily *send* on random ports well above 1024.
>>
>
> It is trivial to block all outbound traffic destined for mail ports,

Yes. But one must (also/still) presume the attacker has not / will not
gain 'root' before your security gets your attention.

> then allow for certain local accounts.
>

Which may be easier to escalate to than 'root'.

Bottom line - secure the box with 'best current practice', keep it
MX/MSA-only, (pop/imap maybe), and hijacking of the MTA is not likely to
be a major concern.

Start adding shell accounts instead of sequestered 'virtual', it gets
harder.

Run Apache on the same box, for diverse users? With PHP mod-everything,
and such? On Linux?

... well. can you see your own ankles?

Fine! ... now bend over, grab 'em, pull hard, and 'kiss your server
goodbye'.... ;-)

Bill

--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
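
The approach debated in this thread (block all outbound traffic destined for mail ports, then allow certain local accounts), as an added example that is not part of the original posts: a shell function that emits an `iptables-restore` fragment built on the owner match. Linux iptables, the port list, the chain name `MAIL_EGRESS` and the account name `exim` are assumptions, not details from the thread.

```shell
#!/bin/sh
# Added example: confine outbound SMTP to named local accounts.
# Assumptions: Linux iptables, ports 25/465/587, chain name MAIL_EGRESS.
# As noted in the thread, root can rewrite these rules, so this only
# limits what a compromised non-root account can send.

MAIL_PORTS="25,465,587"

# mail_egress_rules ACCOUNT...
# Prints a filter-table fragment on stdout; it changes nothing itself.
# Apply with: mail_egress_rules exim | iptables-restore --noflush
mail_egress_rules() {
    if [ "$#" -eq 0 ]; then
        echo "mail_egress_rules: need at least one allowed account" >&2
        return 1
    fi
    for acct in "$@"; do
        case "$acct" in
            # Only plain account names or numeric uids may reach a rule.
            ''|*[!A-Za-z0-9_-]*)
                echo "mail_egress_rules: bad account name: $acct" >&2
                return 1 ;;
            # Allowing root would make the allow-list meaningless.
            root|0)
                echo "mail_egress_rules: refusing to allow root" >&2
                return 1 ;;
        esac
    done

    echo "*filter"
    echo ":MAIL_EGRESS - [0:0]"
    # Loopback is exempt so local programs can still hand mail to the MTA.
    echo "-A OUTPUT ! -o lo -p tcp -m multiport --dports $MAIL_PORTS -j MAIL_EGRESS"
    for acct in "$@"; do
        echo "-A MAIL_EGRESS -m owner --uid-owner $acct -j ACCEPT"
    done
    # Log (rate limited, with uid) so a blocked sender gets noticed.
    echo "-A MAIL_EGRESS -m limit --limit 6/min -j LOG --log-prefix \"smtp-egress-deny: \" --log-uid"
    echo "-A MAIL_EGRESS -p tcp -j REJECT --reject-with tcp-reset"
    echo "COMMIT"
}

# Stand-alone use: ./script.sh exim   (account name is a constructed sample)
if [ "$#" -gt 0 ]; then
    mail_egress_rules "$@"
fi
```

The logged uid on each denied connection is the useful part for detection: a web or shell account that suddenly tries to reach port 25 directly shows up in the kernel log before it shows up on a blocklist.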
