Mike Cardwell wrote:
> * on the Fri, Jul 14, 2006 at 09:39:56AM +0800, W B Hacker wrote:
>
>>>>>iptables -t nat -A OUTPUT -p tcp --dport 25 -d ! 127.0.0.1 -m owner ! --uid-owner exim -j DNAT --to-destination 127.0.0.1
>>>>>Someone might find that useful...
>>>>
>>>>The intent is good, but that specific rule is not necessary on Unix, nor
>>>>will it block outbound traffic.
>>>
>>>I think you are misreading what that line does. It redirects outbound
>>>traffic destined to port 25 to localhost port 25. It does not address
>>>what port the query comes from.
>>
>>I understand what it *attempts* to accomplish.
>
> Attempts and succeeds...
>

..in preventing a user from reaching port 25 on a remote host, yes.

In preventing a user from sending mail, no, not by itself, it doesn't.

*snip*

> ... How is this related to the
> initial requirements stated at the beginning of this thread?
>
> Mike
>

The OP seeks to block users from sending to external destinations.

More things have to be done to accomplish that than the rule shown.

Bill
