Michael Grimm via Postfix-users <[email protected]> wrote: > Bill Cole via Postfix-users <[email protected]> wrote:
>> I don't know if pf can use the 'user' parameter on the host on packets >> coming from the jail, but if the user is preserved, you can make it a little >> less obvious how to send spam by requiring that the packets are owned by the >> postfix user. > But because I am running VNET jails I can simply create an additional > firewall inside postfix' jail. And there I should be able to block outgoing > traffic not initiated by a postfix process. > > I will have to evaluate and test that approach, though, but I am quite > confident that it will work as expected. FTR: an additional pf firewall inside a VNET jail is able to block all outgoing traffic (25, 465, 587) which is not owned by the postfix user. Regards, Michael _______________________________________________ Postfix-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
