Robert Moskowitz wrote on 2013-02-04 19:46:
It seems from my limited testing that with the content_filter option of:
content_filter=amavisfeed:[127.0.0.1]:10024

default for some reason :=)

I don't need an iptables rule for port 10024, as there is no firewall
blocking of localhost connection to ports.

It's a waste of firewalls on the lo interface, since you can trust your own connections, hopefully?

Note that /usr/sendmail is connecting from localhost, so it can be done, but amavisd has an ACL for where it wants connections from / to.

As long as I don't do something stupid like:
content_filter=amavisfeed:myserver.com:10024

Why is this stupid?

which would route the connection through the server's IP address
rather than localhost.

Note that amavisd can be used from multiple postfix servers and send email back to the postfix that sends it, so listening with amavisd on a WAN IP is not stupid imho :)

Same with the 10025 injection back into postfix from the content filter.

default

Just no reason to open up 10024 & 10025.

Was it even closed in the first place?

Have I got this correct?

Geek question is "ping 127.0.127.33", should that be blocked?

If you can show me an iptables rule that will send WAN IP ports via DNAT to this IP, then it makes sense to me :)
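
Added example, not part of the original message and not code from postfix or amavisd: a Python check that reads `ss -ltn` style output and reports any listener on the content-filter ports 10024/10025 that is bound outside loopback, which is the case where a firewall rule or the amavisd ACL starts to matter. The sample output and the address 192.0.2.10 are constructed; the function names are hypothetical.

```python
import ipaddress

FILTER_PORTS = {10024, 10025}  # amavisd input and postfix re-injection ports from the thread

# Constructed sample of `ss -ltn` output (not captured from a real host).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 100 127.0.0.1:10024 0.0.0.0:*
LISTEN 0 100 127.0.0.1:10025 0.0.0.0:*
LISTEN 0 100 0.0.0.0:25 0.0.0.0:*
LISTEN 0 100 [::1]:10024 [::]:*
LISTEN 0 100 192.0.2.10:10024 0.0.0.0:*
LISTEN 0 100 *:10025 *:*
"""

def split_local(addr):
    """Split an ss local-address field into (host, port)."""
    host, _, port = addr.rpartition(":")
    # Drop any %iface scope first, then the IPv6 brackets.
    return host.split("%")[0].strip("[]"), int(port)

def is_loopback(host):
    """True only for 127.0.0.0/8 or ::1; wildcard binds count as exposed."""
    if host in ("*", "0.0.0.0", "::"):
        return False
    return ipaddress.ip_address(host).is_loopback

def exposed_filter_listeners(ss_output, ports=FILTER_PORTS):
    """Return sorted (host, port) pairs for filter ports bound off-loopback."""
    found = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # skips the header row and blank lines
        host, port = split_local(fields[3])
        if port in ports and not is_loopback(host):
            found.add((host, port))
    return sorted(found)

if __name__ == "__main__":
    for host, port in exposed_filter_listeners(SAMPLE_SS):
        print(f"port {port} is bound on {host}: check firewall rules and amavisd ACL")
```

Any address in 127.0.0.0/8, including 127.0.127.33, is treated as loopback by this check.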


