General discussion on installation and configuration of SOGo

Text archives Help


Re: [SOGo] docs question: native outlook


Chronological Thread 
  • From: "mj" ( ) < >
  • To:
  • Subject: Re: [SOGo] docs question: native outlook
  • Date: Sun, 13 Aug 2017 15:00:04 +0200
  • Dmarc-filter: OpenDMARC Filter v1.2.0 mail.inverse.ca 5DB08F09B85


On 08/12/2017 01:04 PM, mj
( )
wrote:
How can you do last thing? Restrict access to an ip to a specific process only? Does anyone know?

Just to share my own findings:

The only thing I came up with, is to try something like:

iptables -A OUTPUT -i lo --dport 143 -m owner --uid-owner 999 -j ACCEPT
iptables -A OUTPUT -i lo --dport 143 -j DROP

On our system: id sogo
uid=999(sogo) gid=999(sogo) groups=999(sogo)

(According to the man page -m owner is only valid in the OUTPUT chain)

But even if this would work, I'm unsure about potential unwanted side-effects, plus it seems suboptimal to me...

Since the SOGo docs recommend to restrict access only to the sogo process, I hope someone here has another tip/idea for us?

MJ



Archive powered by MHonArc 2.6.18.

Top of page