I suggest you ...

Add Firewall rule to block outgoing mail for non-Postfix / non-qmail

iptables -A OUTPUT -d 127.0.0.1 -p tcp -m tcp --dport 25 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 25 -m owner --gid-owner postfix -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 25 -m owner --gid-owner mailman -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 25 -m owner --uid-owner root -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp-port-unreachable

Would be nice to add this to the Plesk Firewall Module.

This prevents malicious scripts from sending direct mail.

Other malicious mails sent through localhost (Postfix / qmail) will be scanned first.

38 votes

Stéphan S shared this idea

7 comments

  • Niek Beernink commented

    I completely agree with this feature request. The firewall extension could be updated to allow setting these types of rules; currently it's too simplistic and things like gid-owner and uid-owner can't be set via the Plesk interface.

    In reply to Plesk staff: the outbound antispam features are surely useful, however they only limit the number of mails sent through postfix. It doesn't protect against what Tozz is describing, and I actually found this feature request searching for a way to limit SMTP traffic only to users that should be allowed to mail. The spam script I killed was sending mail outside of postfix so nothing was being logged and limited via the outbound antispam solution. Pretty nasty.

  • Tozz commented

    I doubt the outbound anti spam feature in Plesk 12 prevents PHP scripts from opening TCP/25 connections to outside hosts and sending spam using a custom mail library. Or for example, a compromised PHP site that is being abused by downloading a perl script that sends out mail using a Perl SMTP library.

  • Tozz commented

    I don't see why this should be included in Plesk. You found the solution yourself, which can be easily implemented in something like /etc/rc.local or some other firewall script.

    Why do you need a web interface for this? Also, this might be handy in your case. It might not be that handy for someone else.

  • paulie commented

    It would be nice to be able to specify some firewall rules manually that are then included within the Plesk firewall, not just these rules (which are a good addition in themselves, we run a 5 minute cron to reapply these if they're ever found to be missing on our shared platforms).
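
The periodic re-apply mentioned in the last comment, as an added example that is not part of the thread or of Plesk: it puts the five rules from the idea into a dedicated chain, detects a missing rule with `iptables -C`, and rebuilds the chain in order. The chain name `SMTP_EGRESS`, the `IPT` override variable and the `--apply` flag are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread: keep the port-25 egress rules in their
# own chain and rebuild it whenever a rule or the OUTPUT jump has gone missing.
IPT="${IPT:-iptables}"   # overridable, so the logic can be exercised with a stub
CHAIN="SMTP_EGRESS"      # hypothetical chain name chosen for this example
JUMP="-p tcp -m tcp --dport 25 -j $CHAIN"

# Rule specs as posted in the thread, one per line, REJECT last.
smtp_rules() {
    cat <<EOF
-d 127.0.0.1 -p tcp -m tcp --dport 25 -j ACCEPT
-p tcp -m tcp --dport 25 -m owner --gid-owner postfix -j ACCEPT
-p tcp -m tcp --dport 25 -m owner --gid-owner mailman -j ACCEPT
-p tcp -m tcp --dport 25 -m owner --uid-owner root -j ACCEPT
-p tcp -m tcp --dport 25 -j REJECT --reject-with icmp-port-unreachable
EOF
}

# Return 0 only if the jump and every rule are present (iptables -C checks one).
smtp_egress_intact() {
    $IPT -C OUTPUT $JUMP 2>/dev/null || return 1
    rules=$(smtp_rules)
    while read -r spec; do
        $IPT -C "$CHAIN" $spec 2>/dev/null || return 1
    done <<EOF
$rules
EOF
    return 0
}

# Flush and refill the chain so the ACCEPT rules always precede the REJECT.
apply_smtp_egress() {
    smtp_egress_intact && return 0           # nothing to do
    $IPT -N "$CHAIN" 2>/dev/null || true     # chain may already exist
    $IPT -F "$CHAIN" || return 1
    rules=$(smtp_rules)
    while read -r spec; do
        $IPT -A "$CHAIN" $spec || return 1
    done <<EOF
$rules
EOF
    # Jump goes to the top of OUTPUT so an earlier ACCEPT cannot bypass it.
    $IPT -C OUTPUT $JUMP 2>/dev/null || $IPT -I OUTPUT 1 $JUMP
}

# "--apply" is this example's own flag: run the repair when invoked from cron.
if [ "${1:-}" = "--apply" ]; then apply_smtp_egress; fi
```

Run it as root with `--apply` from cron or a boot script. The rules cover IPv4 only, since ip6tables keeps a separate rule set.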
