
Re: content_filter and firewall rules

  • Benny Pedersen
    Message 1 of 6 , Feb 4, 2013
      Robert Moskowitz wrote on 2013-02-04 19:46:
      > It seems from my limited testing that with the content_filter option
      > of:
      > content_filter=amavisfeed:[127.0.0.1]:10024

      default for some reason :=)

      > I don't need an iptables rule for port 10024, as there is no firewall
      > blocking of localhost connection to ports.

      it's a waste of firewalls in lo interface since you can trust your own
      connections hopefully ?

      note that /usr/sendmail is connecting from localhost, so it can be
      done, but amavisd has an acl for where it wants connections from / to

      > As long as I don't do something stupid like:
      > content_filter=amavisfeed:myserver.com:10024

      why is this stupid ?

      > which would route the connection through the server's IP address
      > rather than localhost.

      note that amavisd can be used from multiple postfix servers and send
      email back to the postfix that sends it, so listening with amavisd on wan
      ip is not stupid imho :)

      > Same with the 10025 injection back into postfix from the content
      > filter.

      default

      > Just no reason to open up 10024 & 10025.

      was it even closed in the first place ?

      > Have I got this correct?

      geek question is "ping 127.0.127.33", should that be blocked ?

      if you can show me an iptables rule that will send wanip ports via dnat
      to this ip, then it makes sense to me :)
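
The following is an added example, not part of the thread or of Postfix/amavisd: a small audit helper that parses a `content_filter` value and reports whether its destination stays on loopback (all of 127.0.0.0/8, which includes the 127.0.127.33 address asked about above) or leaves the host. The function names, the injected `resolve` callable and the 192.0.2.10 address are assumptions made for the illustration.

```python
import ipaddress

def parse_content_filter(value):
    """Split 'transport:[host]:port' or 'transport:host:port' into its parts."""
    transport, _, nexthop = value.strip().partition(":")
    host, sep, port = nexthop.rpartition(":")
    if not transport or not sep or not host or not port.isdigit():
        raise ValueError("expected transport:host:port, got %r" % value)
    # Square brackets around the host tell Postfix to skip the MX lookup.
    bracketed = host.startswith("[") and host.endswith("]")
    if bracketed:
        host = host[1:-1]
    return transport, host, int(port), bracketed

def classify(value, resolve=None):
    """Return 'loopback', 'non-loopback' or 'unresolved' for the filter target.

    resolve is an optional callable (hypothetical hook) mapping a hostname to
    a list of IP strings, so the check can run offline with known answers.
    """
    _, host, _, _ = parse_content_filter(value)
    try:
        addrs = [ipaddress.ip_address(host)]
    except ValueError:
        # Not an IP literal: the answer depends on what the name resolves to.
        if resolve is None:
            return "unresolved"
        addrs = [ipaddress.ip_address(a) for a in resolve(host)]
    if addrs and all(a.is_loopback for a in addrs):
        return "loopback"
    return "non-loopback"

if __name__ == "__main__":
    # The first two values are from the thread; the resolver answers are
    # constructed (192.0.2.10 is a documentation address).
    fake_dns = {"myserver.com": ["192.0.2.10"]}
    for setting in ("amavisfeed:[127.0.0.1]:10024",
                    "amavisfeed:myserver.com:10024",
                    "amavisfeed:[127.0.127.33]:10024"):
        verdict = classify(setting, resolve=lambda h: fake_dns[h])
        print("%-36s -> %s" % (setting, verdict))
```

A "non-loopback" result means the filter connection passes through the normal firewall chains for that address, so ports 10024/10025 and the amavisd ACL then need explicit rules.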