On Wed, 25 Apr 2001, CaT wrote:
> On Tue, Apr 24, 2001 at 04:49:57PM +0200, Pjotr Kourzanoff wrote:
> > > use port 2525 as SMTP port in your MTA. I've succeed to setup such a
> > > configuration.
> >
> > This requires you to ensure that your MTA is started first on that
> > port...Might be difficult to achieve reliably in an automatic way
> > without root privileges :-(
> >
> > mailuser@foo% /etc/rc.d/init.d/sendmail stop
> > badguy@foo% ./suck 2525
> > mailuser@foo% /etc/rc.d/init.d/sendmail start
>
> Not necessarily. While I have no yet used the feature, iptables
> permits firewalling on userid. I presume this includes wether or
man iptables.
> not a program can listen on a port, right? (and all the other
> fun things).
>
> If so then all you'd have to do is deny external access to port 2525
> and only permit mailuser to listen etc on it and you're set.
For this to work, you need to hack up iptables on the mail server
itself as -m owner only works for locally generated packets. And
even then ./suck will receive on 2525 but will not be able to reply.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Mon Apr 30 2001 - 21:00:12 EST