Bill Cole via Postfix-users <[email protected]> wrote: > On 2026-05-01 at 09:11:26 UTC-0400 (Fri, 1 May 2026 15:11:26 +0200) > Michael Grimm via Postfix-users <[email protected]> > is rumored to have said:
>>> Presumably, pf cannot prevent a non-Postfix pdocess from sendfing >>> email directly to remote port 25, 465, and 587. >> >> Yes, that's impossible (to my knowledge). Any process in that jail trying to >> send spam will pass that firewall rules, sadly. > > I don't know if pf can use the 'user' parameter on the host on packets coming > from the jail, but if the user is preserved, you can make it a little less > obvious how to send spam by requiring that the packets are owned by the > postfix user. I have to admit that I never thought about such an approach and that I wasn't aware of such a functionality. Yes, pf can filter by uid and gid. But according to the manual page this only works on the host running the firewall. A quick check confirms it; postfix' uid running in a jail is unknown to the firewall [1]. But because I am running VNET jails I can simply create an additional firewall inside postfix' jail. And there I should be able to block outgoing traffic not initiated by a postfix process. I will have to evaluate and test that approach, though, but I am quite confident that it will work as expected. Thanks for pointing me into this direction and regards, Michael [1] For forwarded connections, where the firewall is not a connection endpoint, the user and group are unknown. _______________________________________________ Postfix-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
