Allow mail routing via smarthost

diff --git a/files/ferm.conf.hcoop b/files/ferm.conf.hcoop
index 500a573..3a6b659 100644 (file)
--- a/files/ferm.conf.hcoop
+++ b/files/ferm.conf.hcoop
@@ -52,6 +52,12 @@ table filter {
        proto (tcp udp) dport ntp ACCEPT;
        proto (tcp udp) dport domain ACCEPT;
 
+       # Allow mail to be routed to smarthost. This may be less than
+       # idea: it seems safer to generate a list of system users to
+       # allow, and then require individual members to request smtp
+       # access. We'll leave that for the wheezy machines.
+       proto tcp dport smtp daddr mail.hcoop.net ACCEPT;
+
         # root needs port 80 for things like apt-get
        mod owner uid-owner 0 { proto (tcp) dport (http https) ACCEPT; }