csf smtp tweak

katmai · Post by **katmai** » 10 Apr 2007, 20:11

there is one problem

Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 127.0.0.1 tcp dpt:25
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 OWNER GID match 12
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 OWNER GID match 32001
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 OWNER UID match 0
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 reject-with icmp-port-unreachable

root@nemesis [~]# cat /etc/passwd |grep -w 12
mail

8:12:mail:/var/spool/mail:/sbin/nologin
games12games:/usr/games:/sbin/nologin

why does it allow user games outgoing mail ? instead of mail ? how can this be modified ?

katmai · Post by **katmai** » 10 Apr 2007, 20:38

right now i can send out mails using nobody. i have unchecked smtp tweak from cpanel and left only configserver one. it just doesn't block ..

Post by **chirpy** » 13 Apr 2007, 10:48

That setting has nothing at all to do with sending out by nobody. It restricts email being sent directly to port 25 except by mailman, root and exim. The nobody email is going through exim so won't be blocked. To block that you need to to the option in WHM > Tweak Settings.

katmai · Post by **katmai** » 15 Apr 2007, 01:17

small question though. why does csf allow user .. games? to send mail?

Post by **chirpy** » 18 Apr 2007, 22:18

The SMTP_BLOCK allows the same GID's as the cPanel SMTP Tweak does, i.e. mail and mailman. The only UID you've listed is 0 for root.

katmai · Post by **katmai** » 26 Apr 2007, 10:15

sorry my mistake i did not see GID