Sad Clouds via Postfix-users <[email protected]> wrote: > On Thu, 30 Apr 2026 21:21:43 +0200 > Michael Grimm via Postfix-users <[email protected]> wrote:
>> #) Using FreeBSD's pf firewall functionality to block all traffic leaving my >> servers via ports 25, 465, and 587, respectively, that has not originated >> in a FreeBSD jail running postfix > > Packets from SMTP clients tends to leave your server via ephemeral > ports allocated dynamically. If you meant to say "going to ports 25, > 465, and 587" these are well known SMTP ports, but this will not stop > some process connecting to SMTP servers running on other ports. > > If you control all processes on your server, this may not be an issue. > If you expose complete jails to other users, they may create tunnels to > bypass your firewall. As I am the only user on my servers I am sure there will be no tunneling in place ;-) But thanks, you reminded me on having one more outgoing port to needed to become blocked for all processes besides those running in the dedicated mail jail, namely the port for an smtp_fallback_relay transport (smtp2go.com). That transport is currently deactivated and will only be activated when becoming blocked and a mail to postmaster@ of the blocking system will become block as well :-( Shouldn't happen, but happened to me once. Thanks and regards, Michael _______________________________________________ Postfix-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
