Robert Moskowitz wrote on 2013-02-04 19:46:
It seems from my limited testing that with the content_filter option
of:
content_filter=amavisfeed:[127.0.0.1]:10024
default for some reason :=)
I don't need an iptables rule for port 10024, as there is no firewall
blocking of localhost connection to ports.
It's a waste of firewalls on the lo interface, since you can trust your own
connections, hopefully?
Note that /usr/sendmail is connecting from localhost, so it can be
done, but amavisd has ACLs for where it wants connections from / to
As long as I don't do something stupid like:
content_filter=amavisfeed:myserver.com:10024
Why is this stupid?
which would route the connection through the server's IP address
rather than localhost.
Note that amavisd can be used from multiple postfix servers and send
email back to the postfix that sends it, so listening with amavisd on a WAN
IP is not stupid imho :)
Same with the 10025 injection back into postfix from the content
filter.
default
Just no reason to open up 10024 & 10025.
Was it even closed in the first place?
Have I got this correct?
Geek question is "ping 127.0.127.33", should that be blocked?
If you can show me an iptables rule that will send WAN IP ports via DNAT
to this IP, then it makes sense to me :)
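
The loopback-versus-server-address question in this message can be checked mechanically. The following Python is an added example, not part of the original message or of postfix/amavisd; the function names and the `ss -ltn` sample lines are constructed for illustration.

```python
import ipaddress
import re

# Ports from the thread: amavisd listener and postfix re-injection listener.
FILTER_PORTS = {10024, 10025}

def parse_content_filter(value):
    """Split 'transport:nexthop:port' into (transport, host, port).
    Brackets around the nexthop (which suppress MX lookup) are removed."""
    m = re.fullmatch(r"([^:\s]+):(\[[^\]]+\]|[^:\s]+):(\d+)", value.strip())
    if not m:
        raise ValueError(f"unrecognised content_filter: {value!r}")
    return m.group(1), m.group(2).strip("[]"), int(m.group(3))

def is_loopback(host):
    """True only for literal loopback addresses (all of 127.0.0.0/8, ::1).
    Hostnames return False because where they resolve is decided at runtime."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def exposed_listeners(ss_output):
    """Return (address, port) for filter-port listeners not bound to loopback."""
    found = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 4 or cols[0] != "LISTEN":
            continue  # header or non-listening socket
        host, _, port = cols[3].rpartition(":")
        if (port.isdigit() and int(port) in FILTER_PORTS
                and not is_loopback(host.strip("[]"))):
            found.append((host, int(port)))
    return found

# Constructed sample of `ss -ltn` output, not captured from a real host.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 100 127.0.0.1:10024 0.0.0.0:*
LISTEN 0 100 0.0.0.0:10025 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
"""

if __name__ == "__main__":
    for cf in ("amavisfeed:[127.0.0.1]:10024", "amavisfeed:myserver.com:10024"):
        _, host, port = parse_content_filter(cf)
        print(cf, "-> loopback" if is_loopback(host) else "-> leaves loopback")
    print("non-loopback filter listeners:", exposed_listeners(SAMPLE_SS))
```

A listener reported by `exposed_listeners` is the case where a firewall rule or a bind-address change for 10024/10025 actually matters.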