[Avcheck] Re: Couple of avcheck questions
Michael Tokarev
mjt@tls.msk.ru
Tue, 22 Jan 2002 23:48:48 +0300
> Jarno Huuskonen wrote:
[]
> > I started thinking about how to prevent local users from sending their
> > mail straight to localhost:1025.
> > Would it be possible to reinject the scanned mail back to postfix via
> > unix domain socket (is it possible to make postfix smtpd to listen on
> > unix domain socket ?)
I have another idea around this. If you really want to restrict access
to your reinjection point, then it is trivial to do on linux-2.4 with
recent iptables. Add a filter for localhost:1025 and use connection
OWNER as a match -- such a match operation exists in iptables.
I.e. allow only packets OWNED by avclient to come to localhost:1025.
This will be pretty much the same as using filesystem permissions. But
if you're using linux.
Regards,
Michael.
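
The owner-match restriction described in the message above, written out as an added example that is not part of the original post or of avcheck. It assumes the scanner runs as a user named avclient and that the reinjection smtpd listens on port 1025 over the loopback interface; the function names and the choice to filter only connection-opening (SYN) packets are this example's own.

```shell
#!/bin/sh
# Added example: restrict who may open connections to the reinjection port.
# Assumptions: scanner user "avclient", reinjection listener on port 1025.

# Print the two iptables rules (one per line) so they can be reviewed first.
reinject_rules() {
    user=$1
    port=$2
    # Refuse anything that could smuggle extra iptables arguments.
    case $user in
        ''|*[!A-Za-z0-9_-]*) echo "bad user name" >&2; return 1 ;;
    esac
    case $port in
        ''|*[!0-9]*) echo "bad port" >&2; return 1 ;;
    esac
    # The owner match only sees locally generated packets, so the rules
    # belong in OUTPUT. Only SYN packets are filtered: blocking the SYN
    # is enough to stop a connection, and later packets of an allowed
    # connection need not carry socket ownership.
    printf '%s\n' \
        "-A OUTPUT -o lo -p tcp --dport $port --syn -m owner --uid-owner $user -j ACCEPT" \
        "-A OUTPUT -o lo -p tcp --dport $port --syn -j REJECT --reject-with tcp-reset"
}

# Apply the rules in order (ACCEPT for the scanner first, then REJECT for
# everyone else). Needs root; call it by hand after reviewing the output.
apply_reinject_rules() {
    rules=$(reinject_rules "$1" "$2") || return 1
    printf '%s\n' "$rules" | while read -r rule; do
        # Word splitting is intentional here: each line is an argument list.
        # shellcheck disable=SC2086
        iptables $rule || exit 1
    done
}
```

Run `reinject_rules avclient 1025` to inspect the rules, then `apply_reinject_rules avclient 1025` as root. If smtpd also listens on the IPv6 loopback, the same rules are needed through ip6tables.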