[exim] OT: Re: authenticating all users.

Author: Cyborg
Date:
To: exim-users
Subject: [exim] OT: Re: authenticating all users.
On 30.11.2012 10:57, John Burnham wrote:
>> it would be cool, if the firewall rules would implement a UID option ..
>> allow port 25 connections only if uid is in ( 0, 93 ) . That would
>> really help.
>>
> A bit off topic but some do. For example, iptables has the owner module that allows filtering on OUTPUT and POSTROUTING chains based on uid and gid.
>


It's maybe off-topic, but a very useful hint :)

That's the answer (in general):

iptables -A OUTPUT -p tcp -m owner ! -d 127.0.0.1 --destination-port=25 ! --uid-owner 0-93 -j DROP

It may slow down the process a bit, but spamming without using the
system's MTA is no longer possible.

Of course, that depends on your system setup:

--uid-owner 0-93

In my case, I can use it, as no other daemon that is executing user scripts
is running between root and exim. Others may have to use three lines
of iptables, allowing 0 and 93, but denying anyone else.

Marius
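
The "allow 0 and 93, deny anyone else" variant mentioned in the message above, as an added example that is not part of the original post; it generalises to any UID list by using a dedicated chain. The function name smtp_owner_rules and the chain name SMTP_OUT are hypothetical, and UIDs 0 and 93 are the poster's root and exim UIDs, which will differ on other systems.

```shell
#!/bin/sh
# Added example: print owner-match rules that let only the listed UIDs open
# outbound connections to port 25. Nothing is applied here; review the output
# and pipe it to `sh` as root to install it.
# Assumptions: chain name SMTP_OUT is hypothetical; 0 and 93 are sample UIDs.

# smtp_owner_rules TOOL UID [UID...]   (TOOL is iptables or ip6tables)
smtp_owner_rules() {
    [ "$#" -ge 2 ] || { echo "usage: smtp_owner_rules TOOL UID..." >&2; return 1; }
    ipt=$1; shift
    # iptables only filters IPv4; the same rules are needed in ip6tables.
    case $ipt in
        iptables)  lo=127.0.0.1 ;;
        ip6tables) lo=::1 ;;
        *) echo "unknown tool: $ipt" >&2; return 1 ;;
    esac
    # Validate every UID before printing anything, so a bad argument can
    # never leave a half-built rule set in the output.
    for uid in "$@"; do
        case $uid in
            ''|*[!0-9]*) echo "not a numeric UID: $uid" >&2; return 1 ;;
        esac
    done
    echo "$ipt -N SMTP_OUT"
    for uid in "$@"; do
        echo "$ipt -A SMTP_OUT -m owner --uid-owner $uid -j ACCEPT"
    done
    echo "$ipt -A SMTP_OUT -j DROP"
    # Hook the chain into OUTPUT last, once it is fully populated. Traffic to
    # the local MTA on loopback is left alone, as in the original rule.
    echo "$ipt -A OUTPUT -p tcp ! -d $lo --dport 25 -j SMTP_OUT"
}

# Sample run with the UIDs from the post (root and exim on that system).
smtp_owner_rules iptables 0 93
```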