Linode Forum
https://forum.linode.com/

postfix - how to block all linux users except root???
https://forum.linode.com/viewtopic.php?f=11&t=6207

Author:  janyapan [ Fri Oct 29, 2010 10:19 am ]
Post subject:  postfix - how to block all linux users except root???

I have a Postfix SMTP server with SASL authentication on an Ubuntu server.
I don't want anybody to send mail without being authenticated, especially from PHP forms. The PHP mail function sends mail as user www-data.
But logwatch also sends mail as root, which I really need. There are also users authenticated by SASL. They shouldn't be blocked either.

So, is there any way to block all Linux users from sending mail except root?

Thanks in advance.

Author:  Guspaz [ Fri Oct 29, 2010 1:15 pm ]
Post subject: 

Consider this: any user can open a port 25 or 587 to any mail server and deliver mail there directly. IPTABLES can't really stop that while still allowing the mail server to work, although I believe selinux network ACLs do.

Author:  janyapan [ Fri Oct 29, 2010 1:39 pm ]
Post subject: 

Guspaz wrote:
Consider this: any user can open a port 25 or 587 to any mail server and deliver mail there directly. IPTABLES can't really stop that while still allowing the mail server to work, although I believe selinux network ACLs do.


Thanks for your reply. But I'm not thinking of changing my Linux distribution. There should be a way through Postfix's configuration.

Author:  Guspaz [ Mon Nov 01, 2010 10:32 am ]
Post subject: 

Oh, there may well be, but my point is that you don't need to use postfix to send mail. I think I'm misunderstanding what you want to do, though. You're saying that you only want to let people send mail through your SMTP server if they're authenticated, and I think I was seeing "users" and thinking "linux users", which made me think "Linux users can send mail through other means".

Author:  Stever [ Wed Nov 03, 2010 3:09 pm ]
Post subject: 

I've never tried it, but maybe you are looking for this:

http://www.postfix.org/postconf.5.html# ... bmit_users

You might also need to adjust your handling of mynetworks to prevent local connections to smtp being treated as special.

Author:  mst [ Sun Nov 14, 2010 9:04 am ]
Post subject: 

Make /usr/sbin/sendmail executable only by root. Block outgoing connections to port 25 using iptables OUTPUT table and owner match module (--uid-owner). You are probably going to regret it.
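
The approach in the last reply, sketched as an added example that is not part of the original thread: a dry-run generator for the sendmail permission change and the owner-match rules. It assumes the Postfix daemons run as the account `postfix`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: prints the commands instead of running them, so the plan can
# be reviewed first. Assumption: Postfix's daemons run as the "postfix" account.

# Print iptables rules that let only the listed accounts open outbound
# connections to the given TCP port. OUTPUT also sees loopback traffic, so a
# PHP script running as www-data cannot reach localhost:PORT either.
# usage: smtp_owner_rules PORT USER...
smtp_owner_rules() {
    port=$1; shift
    for user in "$@"; do
        echo "iptables -A OUTPUT -p tcp --dport $port -m owner --uid-owner $user -j ACCEPT"
    done
    # Catch-all for every other local account; rules are evaluated in order.
    echo "iptables -A OUTPUT -p tcp --dport $port -j REJECT --reject-with tcp-reset"
}

# Print the commands that make the sendmail binary executable by root only.
sendmail_root_only() {
    echo "chown root:root /usr/sbin/sendmail"
    echo "chmod 0700 /usr/sbin/sendmail"
}

# root keeps access for logwatch; postfix must keep it because the queue is
# delivered by Postfix's own SMTP client, which runs as that account.
# Call smtp_owner_rules again with 587 to cover the submission port as well.
lockdown_plan() {
    sendmail_root_only
    smtp_owner_rules 25 root postfix
}

# Dry run by default; set APPLY=1 and run as root to execute the plan.
if [ "${APPLY:-0}" = 1 ]; then
    lockdown_plan | sh -e
else
    lockdown_plan
fi
```

Inbound SASL-authenticated clients are unaffected, since these rules only touch locally generated traffic in the OUTPUT chain.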

All times are UTC-04:00