On 28/06/2011 12:24, Jerry wrote:
> On Tue, 28 Jun 2011 01:59:43 +0200
> mouss articulated:
> 
>> On 28/06/2011 00:25, Jerry wrote:
>>> On Mon, 27 Jun 2011 18:06:19 -0400 (EDT)
>>> Wietse Venema articulated:
>>>
>>>> Jerry:
>>>>> I saw a configuration for blocking web mail from Apache from
>>>>> accessing Postfix. I think it was something like: !www or
>>>>> something like that. I forgot to write it down and now I cannot
>>>>> locate it. Does anyone know what the recipe is. Thanks!
>>>>
>>>> This was discussed here three postings before your question.
>>>
>>> OK, I found it:
>>>
>>> authorized_submit_users = !apache,static:all
>>>
>>> Since I am running Apache on FreeBSD with user/group ownership of
>>> "www" I assume I would use this instead:
>>>
>>> authorized_submit_users = !www, static:all
>>>
>>> Would that be correct?
>>>
>>
>> That would. But it doesn't prevent users from using the SMTP
>> interface. Users can even send outbound SMTP without using your
>> relay... oh, unless you use different servers for different roles...
> 
> My goal is to ensure that if my Apache server were somehow compromised,
> and I have no reason to believe it is or has been, that it could not
> then use Postfix to send mail. Perhaps I am just being paranoid.

We are two ;-)
What I tried to say is: if you use a single server as an outbound relay
and in another role, then you increase risks. In particular, if you put
a web server on the same box as a Postfix relay, then a program running
inside your web server (CGI, module, ...) can send mail using the SMTP
interface, in which case no sendmail limitation would help. To protect
against this:
- the simplest approach is to not run a web server on the Postfix relay:
separate functions.
- if that is not possible, control both the sendmail interface and the SMTP
interface. The latter is not easy. The Unix model was not designed to
control network traffic. A "local" firewall (pf, iptables) and MAC
(FreeBSD MAC, NetBSD systrace, SELinux, ...) might help, but they
require some amount of work.
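As an added example (not code from the thread or from the Postfix project), the following script puts the two controls discussed above side by side: the `authorized_submit_users` setting that closes the sendmail(1)/postdrop(1) path, and per-uid egress rules for pf (FreeBSD) and iptables (Linux) that close the SMTP path on the same box. It assumes the web server runs as `www` on FreeBSD or `www-data` on Linux and that Postfix listens on ports 25 and 587; nothing is installed, the script only generates the rules and audits a main.cf, so it can be run as an unprivileged user first.

```shell
#!/bin/sh
# Added example, not from the thread: fence the web-server account off from
# both ways a local process can hand mail to Postfix on the same host.
#   1. the sendmail(1)/postdrop(1) path: authorized_submit_users in main.cf
#   2. the SMTP path: a per-uid egress rule (pf on FreeBSD, iptables on Linux)
# Assumptions (not stated in the thread): the web server runs as "www"
# (FreeBSD) or "www-data" (Linux); Postfix listens on 25 and 587.

SMTP_PORTS="25 587"

# main.cf line that makes Postfix refuse mail submitted by the web user
# through sendmail(1), while still accepting every other local account.
postfix_setting() {
    printf 'authorized_submit_users = !%s, static:all\n' "$1"
}

# pf.conf rules: "user" matches the uid owning the socket, so a CGI or module
# running as the web user cannot open a TCP connection to the SMTP ports.
# "block return" sends an RST so the client fails immediately instead of hanging.
pf_rules() {
    for port in $SMTP_PORTS; do
        printf 'block return out quick proto tcp from any to any port %s user %s\n' "$port" "$1"
    done
}

# Linux equivalent: the owner match in the OUTPUT chain sees the uid of the
# process that created the socket, which is the one property the compromised
# web process cannot change without a separate privilege escalation.
iptables_rules() {
    for port in $SMTP_PORTS; do
        printf 'iptables -A OUTPUT -p tcp --dport %s -m owner --uid-owner %s -j REJECT --reject-with tcp-reset\n' "$port" "$1"
    done
}

# Audit helper: returns 0 if the given main.cf already excludes the user from
# authorized_submit_users, 1 otherwise. Postfix uses the LAST definition of a
# parameter, so only the last matching line is examined.
main_cf_excludes() {
    cf="$1"; user="$2"
    line=$(grep '^[[:space:]]*authorized_submit_users[[:space:]]*=' "$cf" | tail -n 1)
    value=$(printf '%s' "$line" | sed 's/^[^=]*=//; s/,/ /g')
    case " $value " in
        *" !$user "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Dry run against a constructed main.cf: nothing is written to /etc or /usr/local/etc.
demo() {
    tmp=$(mktemp)
    printf 'myhostname = relay.example\nauthorized_submit_users = static:all\n' > "$tmp"
    if main_cf_excludes "$tmp" www; then
        echo "www already excluded from sendmail submission"
    else
        echo "www NOT excluded; add this to main.cf and run 'postfix reload':"
        postfix_setting www
    fi
    echo "# pf.conf (FreeBSD), then: pfctl -f /etc/pf.conf"
    pf_rules www
    echo "# Linux, run as root:"
    iptables_rules www-data
    rm -f "$tmp"
}

demo
```

The pf and iptables rules only cover TCP connections opened by the web user on this host; they do nothing about a web process that writes into the Postfix maildrop through some other set-gid helper or that relays through a different machine, which is why the thread's first recommendation is to keep the web server and the relay on separate boxes.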
