As suggested in How do you detect a spambot on your network?, how can I set up a firewall rule to allow only Postfix to send emails using SMTP on port 25 and disallow all other applications from sending on port 25?
I want to control email server of single machine.
Something related is being talked about here, but I am not sure of the iptables rules.
Do two things:
Run Postfix under its own user account. It should already be doing so, on any sane system.
Set an iptables rule with a uid match for that account, which blocks outgoing traffic to destination port 25 not from that user.
For example (here we assume the username is postfix, though it may be something different on your system):

iptables -I OUTPUT -m owner ! --uid-owner postfix -m tcp -p tcp --dport 25 -j REJECT --reject-with icmp-admin-prohibited
ip6tables -I OUTPUT -m owner ! --uid-owner postfix -m tcp -p tcp --dport 25 -j REJECT --reject-with icmp6-adm-prohibited
Note that when you save the rule, the user name will be converted to a numeric uid.
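The following script is an added example, not part of the answer above, that turns the two rules into an idempotent installer: it resolves the account name to the numeric uid that iptables-save will store, refuses to proceed if the account does not exist (so a typo cannot produce a rule that blocks every sender), inserts the rules only if they are not already present, and puts a rate-limited LOG rule in front of the REJECT so a spambot's attempts show up in syslog. The variable names MAIL_USER and SMTP_PORT, the function names, and the log prefix SMTP-EGRESS-BLOCK are assumptions of this example; the owner, tcp and limit match modules and the LOG and REJECT targets are standard iptables features.

```shell
#!/bin/sh
# Added example (not the answer's own code): restrict outgoing SMTP on port 25
# to the Postfix uid, logging and rejecting everything else, for IPv4 and IPv6.

MAIL_USER="${MAIL_USER:-postfix}"   # assumption: the account Postfix runs as
SMTP_PORT="${SMTP_PORT:-25}"        # destination port to restrict
LOG_PREFIX="SMTP-EGRESS-BLOCK: "    # assumed prefix for the syslog line

# Resolve an account name to its numeric uid (what the saved rule will contain).
# Exits non-zero and prints nothing if the account does not exist.
resolve_uid() {
    id -u "$1" 2>/dev/null
}

# Match portion shared by the LOG and REJECT rules: outgoing TCP to the given
# port that is NOT owned by the given uid.
rule_match() {
    printf '%s' "-p tcp -m tcp --dport $2 -m owner ! --uid-owner $1"
}

# Reject action appropriate for the address family (4 or 6).
reject_action() {
    if [ "$1" = 6 ]; then
        printf '%s' "-j REJECT --reject-with icmp6-adm-prohibited"
    else
        printf '%s' "-j REJECT --reject-with icmp-admin-prohibited"
    fi
}

# Insert a rule at the top of OUTPUT unless an identical rule already exists
# (-C returns non-zero when no matching rule is present).
apply_rule() {
    tool="$1"; shift
    "$tool" -C OUTPUT "$@" 2>/dev/null || "$tool" -I OUTPUT "$@"
}

# Install the rules for both families. The REJECT rule is inserted first and
# the LOG rule second, so that after two "-I" operations LOG sits above REJECT.
install_rules() {
    uid=$(resolve_uid "$MAIL_USER") || { echo "no such user: $MAIL_USER" >&2; return 1; }
    for fam in 4 6; do
        tool=iptables
        if [ "$fam" = 6 ]; then tool=ip6tables; fi
        # shellcheck disable=SC2046  # word splitting of the match string is intended
        apply_rule "$tool" $(rule_match "$uid" "$SMTP_PORT") $(reject_action "$fam") || return 1
        apply_rule "$tool" $(rule_match "$uid" "$SMTP_PORT") \
            -m limit --limit 5/min -j LOG --log-prefix "$LOG_PREFIX" || return 1
    done
}

# Usage (as root): MAIL_USER=postfix sh this_script.sh && install_rules
# After that, connection attempts by other users appear in syslog under the
# LOG_PREFIX above, and "iptables -S OUTPUT" shows the rule with the numeric uid.
```

Because the installer checks with `-C` before inserting, it can be re-run safely from a boot script or a configuration management tool without stacking duplicate rules; the LOG rule is rate-limited so a misbehaving process cannot flood the log.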
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.