Autor: W B Hacker Fecha: A: exim users Asunto: Re: [exim] Restricting a user's email destinations?
Mike Cardwell wrote:
> * on the Fri, Jul 14, 2006 at 09:39:56AM +0800, W B Hacker wrote:
>
>
>>>>>iptables -t nat -A OUTPUT -p tcp --dport 25 -d ! 127.0.0.1 -m owner ! --uid-owner exim -j DNAT --to-destination 127.0.0.1
>>>>>Someone might find that useful...
>>>>
>>>>The intent is good, but that specific rule is not necessary on Unix, nor will it
>>>>block outbound traffic.
>>>
>>>I think you are misreading what that line does. It redirects outbound
>>>traffic destined to port 25 to localhost port 25. It does not address
>>>what port the query comes from.
>>
>>I understand what it *attempts* to accomplish.
>
>
> Attempts and succeeds...
>
..in preventing a user from reaching port 25 on a remote host, yes.
In preventing a user from sending mail, no, not by itself, it doesn't.
*snip*
> ... How is this related to the
> initial requirements stated at the beginning of this thread?
>
> Mike
>
The OP seeks to block users from sending to external destinations.
More things have to be done to accomplishing that than the rule shown.