Re: [Exim] preventing relaying from local users

Author: Marc MERLIN
Date:  
To: exim-users
Subject: Re: [Exim] preventing relaying from local users
On Thu, Aug 09, 2001 at 01:55:17AM +0200, Phil Pennock wrote:
> On 2001-08-08 at 16:50 -0700, Marc MERLIN wrote:
> > I have to do something a bit unusual:
> > I need to prevent local shell users from sending mail outside of
> > local_domains + relay_domains.
>
> > What do you think the best approach is?
>
> Going and drinking something alcoholic, you're working too hard.


Please, go tell that to my boss :-)
(or to the a...holes who are trying to abuse a free service for developers
in order to send spam)

> Are you firewalling all outbound connections destined to port 25, unless
> the firewall sees via AUTH that the mail was sent by the Exim user on
> one box?


Preventing users from doing outbound 25 is a separate step, but with
netfilter (Linux), it's not a problem (netfilter can filter outbound 25
unless the uid of the process is root or exim).

Basically, users have to be able to send mail to other users in a list of
local domains, and I can easily force them to only send mail through the
local exim by invoking it directly (which is what legitimate users do
anyway, they run mail from cron or something like that), I simply need to
restrict which domains exim is going to be willing to relay mail for (i.e.
none, except a short whitelist)

Marc
-- 
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking


Home page: http://marc.merlins.org/ | Finger marc_f@??? for PGP key
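
The netfilter step mentioned in the message (outbound port 25 allowed only when the process uid is root or exim) can be sketched with the iptables owner match. This is an added example, not part of the original post: the chain name `SMTP_OUT`, the log prefix and the function name are hypothetical, and it assumes the MTA account is named `exim`. The function only prints the rules so they can be reviewed before anything is applied.

```shell
#!/bin/sh
# Added example (not from the original message): dry-run generator for
# netfilter rules restricting outbound SMTP by the UID of the sending process.
# Assumptions: chain name SMTP_OUT and the log prefix are illustrative.

# Print iptables commands that allow outbound tcp/25 only for the listed users.
# Usage: smtp_egress_rules USER [USER...]
smtp_egress_rules() {
    if [ "$#" -eq 0 ]; then
        echo "smtp_egress_rules: need at least one allowed user" >&2
        return 2
    fi
    # Validate every name first so no partial rule set is ever printed.
    for user in "$@"; do
        case "$user" in
            ''|-*|*[!A-Za-z0-9_.-]*)
                echo "smtp_egress_rules: bad user name: $user" >&2
                return 2 ;;
        esac
    done
    chain=SMTP_OUT
    echo "iptables -N $chain"
    for user in "$@"; do
        # owner match: UID of the local process that owns the socket
        echo "iptables -A $chain -m owner --uid-owner $user -j ACCEPT"
    done
    # Everything else: log with the offending UID, then reset the connection.
    echo "iptables -A $chain -j LOG --log-prefix 'smtp-egress-denied: ' --log-uid"
    echo "iptables -A $chain -p tcp -j REJECT --reject-with tcp-reset"
    # Hook the chain in last, once it is complete.
    echo "iptables -A OUTPUT -p tcp --dport 25 -j $chain"
}
```

Calling `smtp_egress_rules root exim` prints six commands. The LOG rule records the uid of any other account that attempts a direct SMTP connection, which gives an audit trail of attempts to bypass the local MTA.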