Autor: W B Hacker Data: A: exim-users Assumpte: Re: [exim] Quick Question - Prohibiting users from sending email
Tony Finch wrote:
> On Tue, 13 Jun 2006, Marc Perkel wrote:
>
>>I'm trying to prevent hackers who might get in from being able to send
>>email if they manage to hack me.
>
>
> Not possible.
>
> Tony.
Can be prevented. But not with any box config you are likely to
have ever seen or would want to admin.
Little to do with the MTA, lots to do with the box, OS, external
storage, & firewalls (plural).
Essentially you have to turn it into a 'state machine', as once
were telco CO switches. Periodically burning, then physically
swapping new proms (UV or fuse-link, not EEPROM) could get to be
a PITA 'Real Soon'.
And forget about having shell accounts, running an httpd - or
anything else, even pop/imap, or ssh - on the same box.
Oh.. and you'll need 24x7 physical security - say armed guards
and server self-destruct, preferably thermal, which means your
own data center, not a public one.
And can you trust all that, even if you can afford it?
Then some zombified WinBox will forge you anyway, so....
.....what's was the point, again?