On 2026-05-01 at 09:11:26 UTC-0400 (Fri, 1 May 2026 15:11:26 +0200)
Michael Grimm via Postfix-users <[email protected]>
is rumored to have said:
Presumably, pf cannot prevent a non-Postfix pdocess from sendfing
email directly to remote port 25, 465, and 587.
Yes, that's impossible (to my knowledge). Any process in that jail
trying to send spam will pass that firewall rules, sadly.
I don't know if pf can use the 'user' parameter on the host on packets
coming from the jail, but if the user is preserved, you can make it a
little less obvious how to send spam by requiring that the packets are
owned by the postfix user.
--
Bill Cole
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
