Re: trying to restrict postfix use of port
On Thu, 21 Jan 2010 17:36:41 +0000, Adam Hardy wrote:
> Camaleón on 21/01/10 16:27, wrote:
>>> All I'm saying is that I don't need this, and I'd like to find a way
>>> to shut it down whilst leaving the outbound mail delivery intact.
>> mynetworks_style = host
>> mynetworks = 127.0.0.0/8
> I am using mynetworks_style already but it doesn't stop SMTP listening
> on port 25.
By setting that value you are not disallowing Postfix to listen to port
25. A mail server has to listen at least in "loopback:25" so it can
receive and process e-mails internally, coming from the host itself.
By setting that value what you are preventing is that "another computer"
can send any e-mails to/through your Postfix mailserver. If any of these
values are set, they will be rejected.
> I guess this is just a relatively new situation coming with the advent
> of vservers that just isn't possible.
> I have set smtp_client_restrictions = reject so at least postfix
> responds to external SMTP requests with an aggressive sounding "Client
> host rejected: access denied" message.
That is another approach. You can harden Postfix as much as you want.