Re: [exim] authenticating all users.

Author: exim-users
Date:  
To: exim-users
Subject: Re: [exim] authenticating all users.
On 30/11/12 09:34, Cyborg wrote:

> That's amateur spamming .. a nasty spam script forks itself off and
> uses its own SMTP engine to send mails. They do it for exactly the
> reason to hide the identity of the account they hacked. It's even
> worse sometimes, when the hacker stores the script via ftp, calls
> it via http and deletes it instantly via ftp again. If you run
> mod_php, you're screwed so many times :)
>
> And hey, you can use Perl scripts for spamming too, bypassing the
> little protection php setups can give you :) If perl isn't
> available use ruby or python.
>
> It would be cool if the firewall rules would implement a UID
> option .. allow port 25 connections only if uid is in ( 0, 93 ) .
> That would really help.


Allow the "exim" user to make outgoing connections on port 25, all
other users to make connections to 127.0.0.1 on port 25, and then
block all other port 25 connections:

iptables -A OUTPUT -m owner --uid-owner exim -p tcp --dport 25 -j ACCEPT
iptables -A OUTPUT -p tcp -d 127.0.0.1 --dport 25 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 25 -j REJECT

I did this for a web hosting system I set up previously. I also
installed a local identd server so I could identify which user was
connecting to 127.0.0.1:25 and rate limit accordingly. I also rate
limited on mail submitted at the command line.

-- 
Mike Cardwell  https://grepular.com/     http://cardwellit.com/
OpenPGP Key    35BC AF1D 3AA2 1F84 3DC3  B0CF 70A5 F512 0018 461F
XMPP OTR Key   8924 B06A 7917 AAF3 DBB1  BF1B 295C 3C78 3EF1 46B4
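
Because iptables stops at the first matching rule, the three-rule layout in the message above only holds while no broader ACCEPT for port 25 sits ahead of the REJECT. The following check is an added example, not part of the original message: it audits `iptables -S OUTPUT` text for that layout. The function name, the numeric uids (93 for the exim user, 33 for a web user) and both rule dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `iptables -S OUTPUT` text read from stdin.
# $1 = uid of the MTA user as the dump prints it (assumed numeric here).
# Prints one finding per line; exit status 0 means the policy holds.
audit_port25() {
    awk -v mta="$1" '
    $1 == "-A" && $2 == "OUTPUT" && !blocked {   # first match wins
        dport = owner = dst = target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "--dport")     dport  = $(i + 1)
            if ($i == "--uid-owner") owner  = $(i + 1)
            if ($i == "-d")          dst    = $(i + 1)
            if ($i == "-j")          target = $(i + 1)
        }
        catchall = (NF == 4)          # "-A OUTPUT -j X" matches every packet
        if (dport != "25" && !catchall) next
        if (target == "REJECT" || target == "DROP") {
            if (owner == "" && dst == "") blocked = 1
            next
        }
        if (target != "ACCEPT") next
        if (owner != "" && owner == mta) next           # the MTA itself
        if (dst ~ /^127\.0\.0\.1(\/32)?$/) next         # local submission
        printf "line %d lets other users reach port 25: %s\n", NR, $0
        bad = 1
    }
    END {
        if (!blocked) { print "no catch-all REJECT/DROP for tcp dport 25"; bad = 1 }
        exit bad + 0
    }'
}

# Constructed dumps: the layout from the message, then the same layout
# with an ACCEPT for a second uid placed above the REJECT.
GOOD_RULES='-P OUTPUT ACCEPT
-A OUTPUT -p tcp -m owner --uid-owner 93 -m tcp --dport 25 -j ACCEPT
-A OUTPUT -d 127.0.0.1/32 -p tcp -m tcp --dport 25 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp-port-unreachable'
BAD_RULES='-P OUTPUT ACCEPT
-A OUTPUT -p tcp -m owner --uid-owner 93 -m tcp --dport 25 -j ACCEPT
-A OUTPUT -p tcp -m owner --uid-owner 33 -m tcp --dport 25 -j ACCEPT
-A OUTPUT -d 127.0.0.1/32 -p tcp -m tcp --dport 25 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp-port-unreachable'

printf '%s\n' "$GOOD_RULES" | audit_port25 93 && echo "good ruleset: policy enforced"
printf '%s\n' "$BAD_RULES"  | audit_port25 93 || echo "bad ruleset: policy NOT enforced"
```

On a live host, pipe `iptables -S OUTPUT` (run as root) into the function instead of the constructed dumps. The rules and this check cover IPv4 only; IPv6 egress is filtered separately by ip6tables.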