On 30.11.2012 10:57, John Burnham wrote:
>> it would be cool, if the firewall rules would implement a UID option ..
>> allow port 25 connections only if uid is in (0, 93). That would
>> really help.
>>
> A bit off topic but some do. For example, iptables has the owner module that allows filtering on OUTPUT and POSTROUTING chains based on uid and gid.
>
It may be off topic, but it's a very useful hint :)
That's the answer (in general):
iptables -A OUTPUT -p tcp ! -d 127.0.0.1 --dport 25 \
    -m owner ! --uid-owner 0-93 -j DROP
It may slow down the process a bit, but spamming without using the
system's MTA is no longer possible.
Of course, that depends on your system setup:
--uid-owner 0-93
In my case, I can use it, as no other daemon that executes user scripts
is running between root and exim. Others may have to use three lines
of iptables, allowing 0 and 93, but denying anyone else.