Author: W B Hacker Date: To: exim users Subject: Re: [exim] Restricting a user's email destinations?
Mike Cardwell wrote:
> * on the Fri, Jul 14, 2006 at 09:39:56AM +0800, W B Hacker wrote:
>
>
>>>>>iptables -t nat -A OUTPUT -p tcp --dport 25 -d ! 127.0.0.1 -m owner ! --uid-owner exim -j DNAT --to-destination 127.0.0.1
>>>>>Someone might find that useful...
>>>>
>>>>The intent is good, but that specific rule is not necessary on Unix, nor will it
>>>>block outbound traffic.
>>>
>>>I think you are misreading what that line does. It redirects outbound
>>>traffic destined to port 25 to localhost port 25. It does not address
>>>what port the query comes from.
>>
>>I understand what it *attempts* to accomplish.
>
>
> Attempts and succeeds...
>
..in preventing a user from reaching port 25 on a remote host, yes.
In preventing a user from sending mail, no, not by itself, it doesn't.
*snip*
> ... How is this related to the
> initial requirements stated at the beginning of this thread?
>
> Mike
>
The OP seeks to block users from sending to external destinations.
More things have to be done to accomplish that than the rule shown.