On Wed, Jun 14, 2006 at 02:59:49AM +0800, W B Hacker said:
> Troy Engel wrote:
> > > Marc Perkel wrote:

[want to block outgoing email in case he's p0wn3d]

> > 3) use iptables to block any outgoing SMTP (ports 25, 465, 587) to any
> > machine other than the smarthost you decided on above. (see
> > http://oceanpark.com/notes/firewall_example.html)
> >
>
> Not 100% useful. MTAs *listen* (for other mx) on port 25. They
> ordinarily *send* on random ports well above 1024.

netfilter has a uid match module that allows you to write rules like:

# owner match is only valid in the OUTPUT chain; --dport needs -p tcp
iptables -t filter -A OUTPUT -m owner --uid-owner 0 -m state --state NEW -p tcp --dport 25 -j ACCEPT

So, actually, rather useful for this sort of thing. Not precisely how I
would go about it (I would start by deciding what can make outbound
traffic and stop all other traffic, but YMMV). If it is a root
compromise, of course, you're screwed anyway, but a simple push over of
a php script running as a non-privileged httpd user may not kill you in
this case.

> Further, it is generally a safe assumption that any entity
> clever/patient enough to crack a shell account, can and will,
> escalate privileges, eventually to 'root'..

This is of course true, and good advice. If you are hacked, the least
of your worries is the spam coming from your machine.
-- 
--------------------------------------------------------------------------
|  Stephen Gran                  | War is much too serious a matter to be |
|  [EMAIL PROTECTED]             | entrusted to the military. --          |
|  http://www.lobefin.net/~steve | Clemenceau                             |
--------------------------------------------------------------------------

-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
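The following script is an added example, not something posted to the thread or shipped by Exim, of the "decide what may make outbound traffic, stop everything else" policy that the reply above sketches, built on the same netfilter owner match. Egress rules key on the *destination* port (--dport 25/465/587), so the source port an MTA happens to pick does not matter. Assumptions, all placeholders: Exim's delivery processes run as uid 93, the smarthost is 192.0.2.25 (a TEST-NET address), and the web server's httpd user has no business opening SMTP sessions at all. DRY_RUN=1 (the default) prints the rules instead of applying them, so the script can be read and tested without root.

```shell
#!/bin/sh
# Added example: SMTP egress policy with netfilter's owner match.
# Not from the exim-users thread; the uid and smarthost are placeholders.

SMARTHOST="${SMARTHOST:-192.0.2.25}"   # assumption: placeholder smarthost (TEST-NET)
MAIL_UID="${MAIL_UID:-93}"             # assumption: uid Exim delivers as (use `id -u exim`)
DRY_RUN="${DRY_RUN:-1}"                # 1 = print the rules, 0 = apply them as root

# ipt: print or execute one iptables invocation, depending on DRY_RUN.
ipt() {
    if [ "$DRY_RUN" = "1" ]; then
        printf 'iptables %s\n' "$*"
    else
        iptables "$@"
    fi
}

# egress_policy: build an idempotent SMTP_EGRESS chain.  Only the mail user
# and root may open SMTP/submission sessions, and only to the smarthost;
# any other uid (httpd, a cracked shell account, a dropped PHP shell) is
# logged and refused.  The owner match is only meaningful in OUTPUT, which
# is where the chain is hooked.
egress_policy() {
    ipt -t filter -N SMTP_EGRESS 2>/dev/null || true   # exists on reload
    ipt -t filter -F SMTP_EGRESS

    for uid in "$MAIL_UID" 0; do
        ipt -t filter -A SMTP_EGRESS -d "$SMARTHOST" \
            -m owner --uid-owner "$uid" -j ACCEPT
    done

    # Rate-limited log line so a spam run does not flood the kernel log,
    # then a clean TCP reset so the sending process fails fast.
    ipt -t filter -A SMTP_EGRESS -m limit --limit 6/min \
        -j LOG --log-prefix "SMTP-EGRESS-DENY: "
    ipt -t filter -A SMTP_EGRESS -j REJECT --reject-with tcp-reset
}

# hook_output: send only NEW TCP connections to SMTP ports into the chain.
# Replies on our own port-25 listener are ESTABLISHED and never reach it.
# Run once; re-running appends a duplicate jump.
hook_output() {
    ipt -t filter -A OUTPUT -p tcp -m multiport --dports 25,465,587 \
        -m state --state NEW -j SMTP_EGRESS
}

egress_policy
hook_output
```

The policy deliberately does not try to survive a root compromise: a process running as uid 0 is allowed through, matching the caveat in the reply that root is game over anyway. What it does stop is the common case of a compromised web application or shell account pushing spam straight out on port 25, and the LOG rule gives you a kernel-log line naming the attempt before the reset.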