Re: [exim] Quick Question - Prohibiting users from sending e…

Pàgina inicial
Delete this message
Reply to this message
Autor: Marc Perkel
Data:  
A: lannygodsey
CC: exim-users
Assumpte: Re: [exim] Quick Question - Prohibiting users from sending email


L. Jason Godsey wrote:
> Use netfilter (for linux or pf on OpenBSD etc..) to lock port 25 to
> those users.
>
> Then use something like selinux to lock access to the exim binaries, or
> if you don't want to use selinux.. use ACL.
>
> for example:
> chmod og= /usr/sbin/exim*
>
> setfacl -m user:rx:www /usr/sbin/exim*
> setfacl -m user:rx:exim /usr/sbin/exim* (may be redundant, not sure.)
>
> or, add users who are able to send email to exim_senders group
> chown exim:exim_senders /usr/sbin/exim*
>
> I'm sure there are more ways, but really, why would you have any
> accounts on your system in the first place?
>
> I think your time would be better spent using proper firewalls and
> public key authentication to lock down access to your machine.
>
> Also, maybe look into Linux w/ Xen, FreeBSD Jails, or even Solaris
> Zones.
>
>
>


I think you're onto something. But - how do I make it so that only some
users have permission to sonnect to port 25 on localhost? Is that possible?