From: Clinton Ebadi <clinton@unknownlamer.org>
Date: Sun, 9 Dec 2012 01:36:51 +0000 (-0500)
Subject: Allow mail routing via smarthost
X-Git-Tag: debian/5~1
X-Git-Url: https://git.hcoop.net/hcoop/zz_old/debian/hcoop-firewall-config.git/commitdiff_plain/4c7f0eaa100a9644f00e0326acc90ed6c6d75d8a

Allow mail routing via smarthost
---

diff --git a/files/ferm.conf.hcoop b/files/ferm.conf.hcoop
index 500a573..3a6b659 100644
--- a/files/ferm.conf.hcoop
+++ b/files/ferm.conf.hcoop
@@ -52,6 +52,12 @@ table filter {
 	proto (tcp udp) dport ntp ACCEPT;
 	proto (tcp udp) dport domain ACCEPT;
 
+	# Allow mail to be routed to smarthost. This may be less than
+	# idea: it seems safer to generate a list of system users to
+	# allow, and then require individual members to request smtp
+	# access. We'll leave that for the wheezy machines.
+	proto tcp dport smtp daddr mail.hcoop.net ACCEPT;
+
         # root needs port 80 for things like apt-get
 	mod owner uid-owner 0 { proto (tcp) dport (http https) ACCEPT; }