On Friday 19 January 2007 14:24, Markus Hardiyanto wrote:
> Can you give me direction on how to set up a firewall so other programs can't
> send mail directly with SMTP?

With iptables, it depends on whether there is a different mail gateway that
all outgoing mail is supposed to go through. If so, you can simply block all
outgoing packets to port 25 from all hosts except that one:

    # FORWARD chain: applies to packets routed through this box from other hosts
    iptables -A FORWARD -o eth1 ! -s <gateway-IP> -p tcp --dport 25 -j REJECT

(assuming that eth1 is the (only) interface connected to the outside world).

To stop traffic from the local host except if it comes from Exim you need to
use the owner module, like this:

    iptables -A OUTPUT -p tcp --dport 25 -m owner --uid-owner root -j ACCEPT
    iptables -A OUTPUT -p tcp --dport 25 -m owner --uid-owner exim -j ACCEPT
    iptables -A OUTPUT -p tcp --dport 25 -j REJECT

I reserve the right to have made mistakes...
--
Magnus Holmgren holmgren@???
(No Cc of list mail needed, thanks)
"Exim is better at being younger, whereas sendmail is better for
Scrabble (50 point bonus for clearing your rack)" -- Dave Evans
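
Added example, not part of the message above: a POSIX shell check that reads iptables-save output and confirms that the OUTPUT chain accepts tcp/25 only from the listed uids before a catch-all REJECT or DROP, as the owner-module rules intend. The function name, the sample dumps and uid 93 for the exim user are assumptions made for illustration; pass the ids as they appear in your own dump.

```shell
# Audit an iptables-save dump: is tcp/25 egress in OUTPUT limited to given uids?
# Usage on a live host (as root): iptables-save | smtp_egress_check 0 93
# Only plain "--dport 25" rules in the OUTPUT chain are evaluated; multiport,
# port ranges, negated matches and user-defined chains are not followed.
smtp_egress_check() {
    awk -v allowed=" $* " '
    $1 == "-A" && $2 == "OUTPUT" {
        proto = ""; dport = ""; uid = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport") dport = $(i + 1)
            else if ($i == "--uid-owner") uid = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
        }
        if (proto != "tcp" || dport != "25") next
        if (target == "ACCEPT") {
            # An ACCEPT with no owner match, or for an unlisted uid, is a bypass.
            if (uid == "" || index(allowed, " " uid " ") == 0) {
                print "open: " $0; bad = 1; exit
            }
        } else if ((target == "REJECT" || target == "DROP") && uid == "") {
            closed = 1; exit    # catch-all block reached; later rules never match
        }
    }
    END {
        if (bad) exit 1
        if (!closed) { print "open: no catch-all REJECT/DROP for tcp/25"; exit 1 }
        print "restricted"
    }'
}

# Constructed sample dumps, not from a real host; uid 93 stands in for exim.
GOOD='*filter
:OUTPUT ACCEPT [0:0]
-A OUTPUT -p tcp -m tcp --dport 25 -m owner --uid-owner 0 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 25 -m owner --uid-owner 93 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp-port-unreachable
COMMIT'
# Same policy with an extra ACCEPT for uid 1000 ahead of the REJECT.
BAD='-A OUTPUT -p tcp -m tcp --dport 25 -m owner --uid-owner 0 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 25 -m owner --uid-owner 1000 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp-port-unreachable'

printf '%s\n' "$GOOD" | smtp_egress_check 0 93
printf '%s\n' "$BAD" | smtp_egress_check 0 93 || echo "egress policy violated"
```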