On 7/10/24 08:40, Gilgongo via Postfix-users wrote:
> As you can see, it goes straight to the MX of the domain of the recipient. The same is true if I use mail.mailutils or other clients. So I was wondering how I might both allow sending but also (reliably) prevent abuse. Perhaps doing both isn't really possible?
You can implement firewall rules preventing access to 25/tcp for other users (not postfix and root):
iptables -A OUTPUT -m owner --gid-owner $postfix_gid_here -p tcp -m tcp --dport 25 -j ACCEPT
iptables -A OUTPUT -m owner --uid-owner 0 -p tcp -m tcp --dport 25 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp-port-unreachable
A similar feature is possible via nftables; the syntax is as follows:
nft 'add rule ip filter OUTPUT skgid $postfix_gid_here tcp dport 25 counter accept'
nft 'add rule ip filter OUTPUT skgid 0 tcp dport 25 counter accept'
nft 'add rule ip filter OUTPUT tcp dport 25 counter reject'
--
Send unsolicited bulk mail to carl...@at.encryp.ch
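
Added example, not part of the original message: `iptables -A` appends, so the three rules above only take effect if nothing earlier in OUTPUT already accepts the traffic. This Python check evaluates constructed `iptables -S OUTPUT` output first-match for a given socket owner; gid 115, uid 110 and the function names are assumptions, and rules using options it does not model are refused rather than guessed at.

```python
import shlex

# Constructed `iptables -S OUTPUT` output; gid 115 stands in for $postfix_gid_here.
GOOD = """\
-P OUTPUT ACCEPT
-A OUTPUT -m owner --gid-owner 115 -p tcp -m tcp --dport 25 -j ACCEPT
-A OUTPUT -m owner --uid-owner 0 -p tcp -m tcp --dport 25 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp-port-unreachable
"""
# Constructed failure case: a pre-existing broad ACCEPT sits above the appended rules.
SHADOWED = GOOD.replace("-P OUTPUT ACCEPT\n",
                        "-P OUTPUT ACCEPT\n-A OUTPUT -p tcp -j ACCEPT\n")

FIELDS = {"--uid-owner": "uid", "--gid-owner": "gid", "-p": "proto",
          "--dport": "dport", "-j": "target"}
IGNORED = {"-m", "--reject-with"}  # carry no match condition of their own


def parse(text):
    """Return (policy, rules) for the OUTPUT chain; refuse options not modelled here."""
    policy, rules = "ACCEPT", []
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok[:2] == ["-P", "OUTPUT"]:
            policy = tok[2]
        elif tok[:2] == ["-A", "OUTPUT"]:
            rule = {}
            for flag, value in zip(tok[2::2], tok[3::2]):
                if flag in FIELDS:
                    rule[FIELDS[flag]] = value
                elif flag not in IGNORED:
                    raise ValueError(f"unmodelled option {flag!r} in: {line}")
            rules.append(rule)
    return policy, rules


def verdict(text, uid, gid, dport=25):
    """First-match result for an outbound TCP connect from a socket owned by uid/gid."""
    policy, rules = parse(text)
    packet = {"uid": str(uid), "gid": str(gid), "proto": "tcp", "dport": str(dport)}
    for rule in rules:
        if all(packet[k] == v for k, v in rule.items() if k != "target"):
            if rule.get("target") in ("ACCEPT", "REJECT", "DROP"):
                return rule["target"]
    return policy


if __name__ == "__main__":
    for name, rules in (("good", GOOD), ("shadowed", SHADOWED)):
        print(name, "postfix:", verdict(rules, 110, 115), "user:", verdict(rules, 1000, 1000))
```

In the shadowed ruleset an ordinary user still reaches port 25, which is the case to look for in `iptables -S OUTPUT` on a host that already had OUTPUT rules.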