-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 30/11/12 09:34, Cyborg wrote:
> That's amateur spaming .. a nasty spam scripts forks itself of and > uses it's own SMTP-engine to send mails. They do it for exactly the > reason to hide the identity of the account they hacked. It's even > worse sometimes, when the hacker stores the script via ftp, calls > it via http and deletes it instantly via ftp again. If you run > mod_php , your screwed so many times :) > > And hey, you can use perlscripts for spamming too, bypassing the > little protection php setups can give you :) if perl isn't > available use ruby or python. > > it would be cool, if the firewall rules would implement a UID > option .. allow port 25 connections only if uid is in ( 0, 93 ) . > That would really help. Allow the "exim" user to make outgoing connections on port 25, all other users to make connections to 127.0.0.1 on port 25, and then block all other port 25 connections: iptables -A OUTPUT -m owner --uid-owner exim -p tcp --dport 25 -j ACCEPT iptables -A OUTPUT -p tcp -d 127.0.0.1 --dport 25 -j ACCEPT iptables -A OUTPUT -p tcp --dport 25 -j REJECT I did this for a web hosting system I set up previously. I also installed a local identd server so I could identify which user was connecting to 127.0.0.1:25 and rate limit accordingly. I also rate limited on mail submitted at the command line. - -- Mike Cardwell https://grepular.com/ http://cardwellit.com/ OpenPGP Key 35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F XMPP OTR Key 8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1 46B4 -----BEGIN PGP SIGNATURE----- iQGGBAEBCgBwBQJQuI2lMBSAAAAAACAAB3ByZWZlcnJlZC1lbWFpbC1lbmNvZGlu Z0BwZ3AuY29tcGdwbWltZTgUgAAAAAAVABpwa2EtYWRkcmVzc0BnbnVwZy5vcmdt aWtlLmNhcmR3ZWxsQGdyZXB1bGFyLmNvbQAKCRCdJiMBwdHnBDRwB/0Xbn+k+fqc acut/6bN/p/HrmauZVRlUwfDIAwWsStlbt0UHerg8JFYYCbqczaAAs8iMMvSazg4 mEX9nvHfzuABNpllgTz8PG4TeohORaHDmaXYFxXQD9W9aZf20HAio3b5YAItQkCD WxCvNHYwvNn2ZeO65Jxc8bQ4ohdMM32a/nG/agukw/eDMXcrwqxbTW1nM5uxCqST l7zkF989IyseIr6WdqDJie7PIbjv0NxJhJhFG1E/ATOPgfFvD92muSmujX1Lw9x2 6rfJdpcHnP16nrZeLeUrBN8tNdohJue1g45pfumSvMlsAxEeqciL2FK8hQS0qvF5 Q/pW1YLmfQOf =hO1z -----END PGP SIGNATURE----- -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
