Add Firewall rule to block outgoing mail for non-Postfix / non-qmail
iptables -A OUTPUT -d 127.0.0.1 -p tcp -m tcp --dport 25 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 25 -m owner --gid-owner postfix -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 25 -m owner --gid-owner mailman -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 25 -m owner --uid-owner root -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp-port-unreachable
Would be nice to add this to the Plesk Firewall Module.
This prevents malicious scripts from sending direct mail.
Other malicious mails sent through localhost (Postfix / qmail) will be scanned first.
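The five rules above only live in the running kernel, so they are gone after a reboot and can be lost whenever the firewall is reloaded. As an added example that is not part of this request or of Plesk, here is a POSIX shell script that checks whether the set is present (iptables -C returns 0 when a rule exists) and re-applies it in the correct order when anything is missing. The ALLOWED_GIDS and ALLOWED_UIDS variables and the script path in the cron line are assumptions; adjust them to the groups your MTA actually runs as.

```shell
#!/bin/sh
# Constructed example: keep the outbound-SMTP egress rules in place.
# Groups/users allowed to talk to port 25 directly (assumption; match your MTA).
ALLOWED_GIDS="postfix mailman"
ALLOWED_UIDS="root"

# Print the rule specifications, one per line, without the -A/-C/-D verb.
# The order is significant: the REJECT rule must stay last.
smtp_rule_specs() {
    echo "OUTPUT -d 127.0.0.1 -p tcp -m tcp --dport 25 -j ACCEPT"
    for g in $ALLOWED_GIDS; do
        echo "OUTPUT -p tcp -m tcp --dport 25 -m owner --gid-owner $g -j ACCEPT"
    done
    for u in $ALLOWED_UIDS; do
        echo "OUTPUT -p tcp -m tcp --dport 25 -m owner --uid-owner $u -j ACCEPT"
    done
    echo "OUTPUT -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp-port-unreachable"
}

# Number of rules from the set that are not currently loaded (0 means all present).
# $spec is deliberately unquoted so the shell splits it into iptables arguments.
missing_smtp_rules() {
    smtp_rule_specs | while read -r spec; do
        # shellcheck disable=SC2086
        iptables -C $spec 2>/dev/null || echo "$spec"
    done | wc -l | tr -d ' '
}

# Re-apply the whole set if any rule is missing. Appending only the missing
# rule would be wrong when the REJECT rule is already loaded, because -A would
# put the new ACCEPT after it; so remove what is there and add everything in order.
apply_smtp_rules() {
    if [ "$(missing_smtp_rules)" -eq 0 ]; then
        return 0
    fi
    smtp_rule_specs | while read -r spec; do
        # shellcheck disable=SC2086
        while iptables -C $spec 2>/dev/null; do iptables -D $spec; done
    done
    smtp_rule_specs | while read -r spec; do
        # shellcheck disable=SC2086
        iptables -A $spec
    done
}

case "${1:-}" in
    check) echo "missing rules: $(missing_smtp_rules)" ;;
    apply) apply_smtp_rules ;;
esac
```

Run it as root with `apply` from rc.local (or a boot-time unit) and from a cron entry such as `*/5 * * * * /usr/local/sbin/smtp-egress.sh apply` (path is an assumption); `check` prints how many rules are missing, which is a convenient thing to alert on from monitoring.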
Tobias Gábríél Sörensson commented
Will try this on our servers
Niek Beernink commented
I completely agree with this feature request. The firewall extension could be updated to allow setting these types of rules; currently it's too simplistic, and things like gid-owner and uid-owner can't be set via the Plesk interface.
In reply to Plesk staff: The outbound antispam features are surely useful, however they only limit the number of mails sent through postfix. It doesn't protect against what Tozz is describing, and I actually found this feature request searching for a way to limit SMTP traffic only to users that should be allowed to mail. The spam script I killed was sending mail outside of postfix, so nothing was being logged and limited via the outbound antispam solution. Pretty nasty.
I doubt the outbound anti-spam feature in Plesk 12 prevents PHP scripts from opening TCP/25 connections to outside hosts and sending spam using a custom mail library. Or, for example, a compromised PHP site that is being abused by downloading a Perl script that sends out mail using a Perl SMTP library.
I don't see why this should be included in Plesk. You found the solution yourself, which can be easily implemented in something like /etc/rc.local or some other firewall script.
Why do you need a web interface for this? Also, this might be handy in your case. It might not be that handy for someone else.
How do you check for and reapply these rules if they are missing?
It would be nice to be able to specify some firewall rules manually that are then included within the Plesk firewall, not just these rules (which are a good addition in themselves; we run a 5-minute cron to reapply these if they're ever found to be missing on our shared platforms).
Stéphan S commented