L. Jason Godsey wrote: > Use netfilter (for linux or pf on OpenBSD etc..) to lock port 25 to > those users. > > Then use something like selinux to lock access to the exim binaries, or > if you don't want to use selinux.. use ACL. > > for example: > chmod og= /usr/sbin/exim* > > setfacl -m user:rx:www /usr/sbin/exim* > setfacl -m user:rx:exim /usr/sbin/exim* (may be redundant, not sure.) > > or, add users who are able to send email to exim_senders group > chown exim:exim_senders /usr/sbin/exim* > > I'm sure there are more ways, but really, why would you have any > accounts on your system in the first place? > > I think your time would be better spent using proper firewalls and > public key authentication to lock down access to your machine. > > Also, maybe look into Linux w/ Xen, FreeBSD Jails, or even Solaris > Zones. > > >
I think you're onto something. But - how do I make it so that only some users have permission to sonnect to port 25 on localhost? Is that possible? -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
