Autor: Marc Perkel Data: A: lannygodsey CC: exim-users Assumpte: Re: [exim] Quick Question - Prohibiting users from sending email
L. Jason Godsey wrote: > Use netfilter (for linux or pf on OpenBSD etc..) to lock port 25 to
> those users.
>
> Then use something like selinux to lock access to the exim binaries, or
> if you don't want to use selinux.. use ACL.
>
> for example:
> chmod og= /usr/sbin/exim*
>
> setfacl -m user:rx:www /usr/sbin/exim*
> setfacl -m user:rx:exim /usr/sbin/exim* (may be redundant, not sure.)
>
> or, add users who are able to send email to exim_senders group
> chown exim:exim_senders /usr/sbin/exim*
>
> I'm sure there are more ways, but really, why would you have any
> accounts on your system in the first place?
>
> I think your time would be better spent using proper firewalls and
> public key authentication to lock down access to your machine.
>
> Also, maybe look into Linux w/ Xen, FreeBSD Jails, or even Solaris
> Zones.
>
>
>
I think you're onto something. But - how do I make it so that only some
users have permission to sonnect to port 25 on localhost? Is that possible?
