On 1/3/23 19:20, Hébergement Arbre Binaire wrote: >> If submission rate limits are required, use SMTP instead of the Postfix > sendmail command. > > Aside from creating a "shim" of some sort to catch sendmail calls made by > random malicious scripts and that uses SMTP to route mail to the local MTA, > I don't see any solution. It's a bit above my paygrade since any and all > MTA matters have a "cold water on neck effect" on me :-)
I recommend using firewall rules to ensure that only the postfix user can connect to port 25 outbound. Otherwise, the script can just send mail directly. You might try submitting a patch to add this feature to postdrop (the privileged mail submission component of Postfix). -- Sincerely, Demi Marie Obenour (she/her/hers)
OpenPGP_0xB288B55FFF9C22C1.asc
Description: OpenPGP public key
OpenPGP_signature
Description: OpenPGP digital signature
