ipt_owner is now available
Posted: 11 Jan 2009, 20:58
OpenVZ kernels now have the module ipt_owner virtualized so using the SMTP_BLOCK should be possible for VPSes.
I used a VPS to connect to the SMTP server of a shared hosting I have and sent mail successfully with the cleancode.org email tool. After this I issued:
"iptables -I OUTPUT -p tcp --dport 25 -m owner --uid-owner root -j REJECT"
and the same command as in the last test returned:
email: FATAL: Could not connect to server: ***.***.*** on port: 25: Connection refused
---
However, the decision cannot be made based on the kernel version, because according to the OpenVZ forums there was a time when the kernel supported the module but the "vzctl" package did not. I would recommend just trying to add the needed rules and checking the exit code. Based on that, the user can be informed whether SMTP_BLOCK would or would not work.
Updating the following thread is also suggested:
forum.configserver.com/showthread.php?t=212 (could not post url, less than 5 posts)
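One way to script the check suggested in the post above, as an added example that is not part of the original post or of the firewall's own code: insert the rule quoted in the post, read the exit code, and remove the rule again. The function names and the `IPTABLES` override variable are hypothetical.

```shell
#!/bin/sh
# Added example: decide whether SMTP_BLOCK-style rules can work in this
# container by trying the rule itself instead of checking the kernel version.

# Hypothetical override so a different binary path (or a stub) can be used.
IPTABLES="${IPTABLES:-iptables}"

# Rule from the post, without the leading -I, so the same spec can be
# inserted and then deleted.
RULE_SPEC="OUTPUT -p tcp --dport 25 -m owner --uid-owner root -j REJECT"

# Returns 0 when the rule is accepted (owner match usable), 1 otherwise.
probe_owner_match() {
    # RULE_SPEC is left unquoted on purpose so it splits into arguments.
    if $IPTABLES -I $RULE_SPEC 2>/dev/null; then
        # The probe succeeded; remove the rule so the ruleset is unchanged.
        $IPTABLES -D $RULE_SPEC 2>/dev/null
        return 0
    fi
    # Non-zero exit: the kernel or the vzctl package does not provide the
    # owner match inside this VPS.
    return 1
}

# Prints a one-line result that can be shown to the user.
smtp_block_status() {
    if probe_owner_match; then
        echo "SMTP_BLOCK: usable (owner match accepted)"
    else
        echo "SMTP_BLOCK: not usable (owner match rejected)"
    fi
}
```

Run `smtp_block_status` as root inside the VPS after sourcing the file; the probe rule is in place only between the insert and the delete.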