iptables -A OUTPUT-p tcp -m owner --uid-owner postfix -m tcp --dport 25 -j ACCEPT
iptables -A OUTPUT-p tcp -m tcp --dport 25 -j DROP
--uid-owner postfix — user which is running postfix
Added
iptables-I OUTPUT-d 127.0.0.1-p tcp --dport 25 -j ACCEPT - Bella.Witting commented on October 3rd 19 at 04:10
If added- ... d 127.0.0.1-j ACCEPT, check that the configs postfix was not in mynetworks 127.0.0.0/8 smtpd_recipient_restrictions = permit_mynetworks
And it will be possible to send anything (but using postfix)
telnet 127.0.0.1 25
HELO localhost
MAIL FROM: <user@example.org>
RCPT TO: <user@example.com>
DATA
......
</user@example.com></user@example.org>
- allen.Mayer commented on October 3rd 19 at 04:13
Dorothy.Kovacek answered on October 3rd 19 at 04:09
At the level of iptables in any way.
above they say that you can - Bella.Witting commented on October 3rd 19 at 04:12
well, with the module owner is really possible. - allen.Mayer commented on October 3rd 19 at 04:15
zatestit now on the servers it is everywhere in the standard distro. - Bella.Witting commented on October 3rd 19 at 04:18
Please sign in or sign up to write your answer or comment.
iptables-I OUTPUT-d 127.0.0.1-p tcp --dport 25 -j ACCEPT - Bella.Witting commented on October 3rd 19 at 04:10
And it will be possible to send anything (but using postfix)
- allen.Mayer commented on October 3rd 19 at 04:13