On 30.11.2012 10:57, John Burnham wrote:
>> it would be cool if the firewall rules would implement a UID option ..
>> allow port 25 connections only if uid is in ( 0, 93 ). That would
>> really help.
> A bit off topic but some do. For example, iptables has the owner module that
> allows filtering on OUTPUT and POSTROUTING chains based on uid and gid.
It's maybe off topic, but a very useful hint :)
That's the answer (in general):
iptables -A OUTPUT -p tcp -m owner ! -d 127.0.0.1 --destination-port=25 \
    ! --uid-owner 0-93 -j DROP
It may slow down the process a bit, but spamming without using the
system's MTA is no longer possible.
Of course, that's depending on your system setup:
--uid-owner 0-93
In my case, I can use it, as no other daemon who's executing user scripts
is running between root and exim. Others may have to use three lines
of iptables, allowing 0 and 93, but denying anyone else.
Marius
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
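The "three lines of iptables" variant Marius mentions, written out as an added example (this is not code from the thread or from the Exim project): outbound SMTP is permitted for an explicit list of UIDs and dropped for everyone else, with loopback left open so local submission to the MTA keeps working. The UID list 0 and 93 (root and the exim user) and the chain name SMTP_EGRESS are assumptions. Rules are printed rather than executed unless APPLY=1 is set, so the generated policy can be reviewed before it touches the live ruleset.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread: generate the
# "allow uid 0 and 93, deny everyone else" outbound SMTP policy.
# UIDs 0 and 93 are an assumption (root and the exim user on the poster's
# system); adjust ALLOWED_UIDS to match the local MTA account.

ALLOWED_UIDS="${ALLOWED_UIDS:-0 93}"
SMTP_PORT=25

# run_rule: print the iptables invocation; execute it only when APPLY=1.
run_rule() {
    echo "iptables $*"
    [ "${APPLY:-0}" = "1" ] && iptables "$@"
    return 0
}

# smtp_egress_rules: one ACCEPT per allowed uid, then log and drop the rest.
# A dedicated chain (name assumed) keeps the policy easy to flush or replace,
# and "! -o lo" exempts loopback so local delivery to the MTA still works.
# The owner match is only valid in the OUTPUT chain (and chains jumped to
# from it), which is why the hook is placed there.
smtp_egress_rules() {
    run_rule -N SMTP_EGRESS
    run_rule -A OUTPUT -p tcp --dport "$SMTP_PORT" ! -o lo -j SMTP_EGRESS
    for uid in $ALLOWED_UIDS; do
        run_rule -A SMTP_EGRESS -m owner --uid-owner "$uid" -j ACCEPT
    done
    # Log before dropping: a web script trying to spam directly then shows
    # up in the kernel log with its source, instead of failing silently.
    run_rule -A SMTP_EGRESS -j LOG --log-prefix "smtp-egress-denied: "
    run_rule -A SMTP_EGRESS -j DROP
}

# count_rules: number of rule lines the policy produces (used for checking).
count_rules() {
    smtp_egress_rules | wc -l | tr -d ' '
}

# Usage: ./smtp-egress.sh            (dry run, prints the rules)
#        APPLY=1 ./smtp-egress.sh    (applies them; needs root)
smtp_egress_rules
```

The per-UID ACCEPT lines are what distinguishes this from the single `! --uid-owner 0-93 -j DROP` rule above: a range covers every UID between root and the MTA user, whereas listing the UIDs individually still works when another daemon that runs user-supplied scripts happens to sit inside that range.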