Add Firewall rule to block outgoing mail for non-Postfix / non-qmail
iptables -A OUTPUT -d 127.0.0.1 -p tcp -m tcp --dport 25 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 25 -m owner --gid-owner postfix -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 25 -m owner --gid-owner mailman -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 25 -m owner --uid-owner root -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp-port-unreachable
Would be nice to add this to the Plesk Firewall Module.
This prevents malicious scripts from sending direct mail.
Other malicious mails sent through localhost (Postfix / qmail) will be scanned first.
-
Tobias Gábríél Sörensson commented
Will try this on our servers
-
Niek Beernink commented
I completely agree with this feature request. The firewall extension could be updated to allow setting these types of rules; currently it's too simplistic and things like gid-owner and uid-owner can't be set via the Plesk interface.
In reply to Plesk staff: The outbound antispam features are surely useful, however they only limit the number of mails sent through postfix. It doesn't protect against what Tozz is describing, and I actually found this feature request searching for a way to limit SMTP traffic only to users that should be allowed to mail. The spam script I killed was sending mail outside of postfix so nothing was being logged and limited via the outbound antispam solution. Pretty nasty.
-
Tozz commented
I doubt the outbound anti spam feature in Plesk 12 prevents PHP scripts from opening TCP/25 connections to outside hosts and sending spam using a custom mail library. Or for example, a compromised PHP site that is being abused by downloading a Perl script that sends out mail using a Perl SMTP library.
-
Tozz commented
I don't see why this should be included in Plesk. You found the solution yourself, which can be easily implemented in something like /etc/rc.local or some other firewall script.
Why do you need a web interface for this? Also, this might be handy in your case. It might not be that handy for someone else.
-
Brujo commented
@paulie
How do you check for and reapply these rules if missed?
-
paulie commented
It would be nice to be able to specify some firewall rules manually that are then included within the Plesk firewall, not just these rules (which are a good addition in themselves, we run a 5 minute cron to reapply these if they're ever found to be missing on our shared platforms).
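One way to do the check-and-reapply step from cron, as an added example that is not part of the thread and not Plesk's own code. It goes beyond the original rules by placing them in a dedicated chain so that a re-added ACCEPT can never land behind the REJECT; the chain name `SMTP_OUT` and the function names are assumptions.

```shell
#!/bin/sh
# Added example: keep the thread's port-25 egress rules in place from cron.
# CHAIN is a hypothetical chain name; the owners mirror the original post.
CHAIN=SMTP_OUT

# Rule specs in evaluation order; the REJECT has to stay last.
smtp_rules() {
cat <<'EOF'
-d 127.0.0.1 -j ACCEPT
-m owner --gid-owner postfix -j ACCEPT
-m owner --gid-owner mailman -j ACCEPT
-m owner --uid-owner root -j ACCEPT
-j REJECT --reject-with icmp-port-unreachable
EOF
}

# Succeeds only if the jump from OUTPUT and every rule are present.
smtp_rules_ok() {
    iptables -C OUTPUT -p tcp --dport 25 -j "$CHAIN" 2>/dev/null || return 1
    smtp_rules | while read -r spec; do
        # $spec is left unquoted so it splits into separate arguments
        iptables -C "$CHAIN" $spec 2>/dev/null || exit 1
    done
}

# Rebuild the whole chain in order, then hook it into OUTPUT if needed.
# Port 25 is briefly unfiltered between the flush and the last append.
smtp_rules_apply() {
    iptables -N "$CHAIN" 2>/dev/null || true   # chain already existing is fine
    iptables -F "$CHAIN"
    smtp_rules | while read -r spec; do
        iptables -A "$CHAIN" $spec || exit 1
    done || return 1
    iptables -C OUTPUT -p tcp --dport 25 -j "$CHAIN" 2>/dev/null ||
        iptables -I OUTPUT 1 -p tcp --dport 25 -j "$CHAIN"
}

# Prints "unchanged" or "reapplied" so cron mail/logs show any drift.
ensure_smtp_egress() {
    if smtp_rules_ok; then echo unchanged; return 0; fi
    smtp_rules_apply && echo reapplied
}

# Cron entry point (needs root): run the script with "apply" as argument.
if [ "${1:-}" = "apply" ]; then ensure_smtp_egress; fi
```

`iptables` only filters IPv4, so the same chain would have to be built with `ip6tables` to cover IPv6 egress. A "reapplied" line in the cron output means something removed or reordered the rules since the last run.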
-
Stéphan S commented