Re: content_filter and firewall rules
Robert Moskowitz wrote on 2013-02-04 19:46:

> It seems from my limited testing that with the content_filter option

default for some reason :=)

> I don't need an iptables rule for port 10024, as there is no firewall
> blocking of localhost connection to ports.

it's a waste of firewalls on the lo interface, since you can trust your own
connections, hopefully?

note that /usr/sendmail is connecting from localhost, so it can be
done, but amavisd has an ACL for where it wants connections from / to

> As long as I don't do something stupid like:

why is this stupid?

> which would route the connection through the server's IP address
> rather than localhost.

note that amavisd can be used from multiple postfix servers and send
email back to the postfix that sends it, so listening with amavisd on a WAN
IP is not stupid imho :)

> Same with the 10025 injection back into postfix from the content

default

> Just no reason to open up 10024 & 10025.

was it even closed in the first place?

> Have I got this correct?

geek question is "ping 127.0.127.33", should that be blocked?

if you can show me an iptables rule that will send WAN IP ports via DNAT
to this IP, then it makes sense to me :)
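
Whether 10024 and 10025 need an iptables rule at all depends on which address each listener is bound to. The following is an added example, not part of the original message: it classifies listeners on the two content-filter ports from `ss -ltn` output. The sample output is constructed and the function names are illustrative.

```python
import ipaddress

# Constructed sample of `ss -ltn` output (not taken from the thread).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      100    127.0.0.1:10024    0.0.0.0:*
LISTEN 0      100    127.0.127.33:10025 0.0.0.0:*
LISTEN 0      100    0.0.0.0:25         0.0.0.0:*
LISTEN 0      100    192.0.2.10:10024   0.0.0.0:*
LISTEN 0      100    [::1]:10025        [::]:*
"""

FILTER_PORTS = {10024, 10025}  # amavisd listener and postfix re-injection port


def split_local(field):
    """Split an ss 'Local Address:Port' field into (host, port)."""
    host, _, port = field.rpartition(":")
    host = host.strip("[]").split("%", 1)[0]  # drop IPv6 brackets and %iface scope
    return host, int(port)


def is_loopback_only(host):
    """True if the bind address is only reachable through the lo interface."""
    if host in ("*", ""):
        return False  # wildcard bind: listens on every interface
    return ipaddress.ip_address(host).is_loopback  # all of 127.0.0.0/8, and ::1


def audit(ss_output, ports=FILTER_PORTS):
    """Return [(host, port, verdict)] for listeners on the content-filter ports."""
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue  # skips the header row and anything malformed
        host, port = split_local(cols[3])
        if port in ports:
            # non-loopback: only a packet filter or the daemon's ACL limits peers
            verdict = "loopback-only" if is_loopback_only(host) else "non-loopback"
            findings.append((host, port, verdict))
    return findings


if __name__ == "__main__":
    for host, port, verdict in audit(SAMPLE_SS):
        print(f"{host}:{port} -> {verdict}")
```

A listener on any 127.0.0.0/8 address, including 127.0.127.33, is reported as loopback-only; a listener on a routable address is where an iptables rule or the amavisd ACL has to restrict which hosts may connect.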