Re: trying to restrict postfix use of port

To: debian-user@lists.debian.org
Subject: Re: trying to restrict postfix use of port
From: Camaleón <noelamac@gmail.com>
Date: Thu, 21 Jan 2010 20:04:22 +0000 (UTC)
Message-id: <[🔎] pan.2010.01.21.20.04.23@gmail.com>
References: <[🔎] 4B5462E4.7040400@cyberspaceroad.com> <[🔎] 20100118134000.GF3179@think.homelan> <[🔎] 4B548028.70608@cyberspaceroad.com> <[🔎] pan.2010.01.18.17.30.00@gmail.com> <[🔎] 4B549F23.7030709@cyberspaceroad.com> <[🔎] pan.2010.01.18.18.35.31@gmail.com> <[🔎] 4B5501F0.2050105@cyberspaceroad.com> <[🔎] pan.2010.01.19.07.47.12@gmail.com> <[🔎] 4B55ACDF.7060309@cyberspaceroad.com> <[🔎] pan.2010.01.19.14.56.42@gmail.com> <[🔎] 4B55F16F.9030001@cyberspaceroad.com> <[🔎] 4B5752FC.4020804@cyberspaceroad.com> <[🔎] pan.2010.01.20.20.06.51@gmail.com> <[🔎] 4B576D04.9040005@cyberspaceroad.com> <[🔎] pan.2010.01.20.21.30.47@gmail.com> <[🔎] 4B57993D.4020200@cyberspaceroad.com> <[🔎] pan.2010.01.21.12.29.24@gmail.com> <[🔎] 4B58529E.20406@cyberspaceroad.com> <[🔎] pan.2010.01.21.14.19.20@gmail.com> <[🔎] 4B586885.5030305@cyberspaceroad.com> <[🔎] pan.2010.01.21.15.44.39@gmail.com> <[🔎] pan.2010.01.21.16.27.33@gmail.com> <[🔎] 4B5890A9.2070604@cyberspaceroad.com>

On Thu, 21 Jan 2010 17:36:41 +0000, Adam Hardy wrote:

> Camaleón on 21/01/10 16:27, wrote:

>>> All I'm saying is that I don't need this, and I'd like to find a way
>>> to shut it down whilst leaving the outbound mail delivery intact.
>> 
>> mynetworks_style = host
>> 
>> or
>> 
>> mynetworks = 127.0.0.0/8
> 
> I am using mynetworks_style already but it doesn't stop SMTP listening
> on port 25.

By setting that value you are not disallowing Postfix to listen to port 
25. A mail server has to listen at least in "loopback:25" so it can 
receive and process e-mails internally, coming from the host itself.

By setting that value what you are preventing is that "another computer" 
can send any e-mails to/through your Postfix mailserver. If any of these 
values are set, they will be rejected.

> I guess this is just a relatively new situation coming with the advent
> of vservers that just isn't possible.
> 
> I have set smtp_client_restrictions = reject so at least postfix
> responds to external SMTP requests with an aggressive sounding "Client
> host rejected: access denied" message.

That is another approach. You can harden Postfix as much as you want.

Greetings,

-- 
Camaleón

Reply to:

Follow-Ups:
- Re: trying to restrict postfix use of port
  - From: Adam Hardy <adam.ant@cyberspaceroad.com>

References:
- question about sending mail and postfix
  - From: Adam Hardy <adam.ant@cyberspaceroad.com>
- Re: question about sending mail and postfix
  - From: Andrei Popescu <andreimpopescu@gmail.com>
- Re: question about sending mail and postfix
  - From: Adam Hardy <adam.ant@cyberspaceroad.com>
- Re: question about sending mail and postfix
  - From: Camaleón <noelamac@gmail.com>
- Re: question about sending mail and postfix
  - From: Adam Hardy <adam.ant@cyberspaceroad.com>
- Re: question about sending mail and postfix
  - From: Camaleón <noelamac@gmail.com>
- Re: question about sending mail and postfix
  - From: Adam Hardy <adam.ant@cyberspaceroad.com>
- Re: question about sending mail and postfix
  - From: Camaleón <noelamac@gmail.com>
- Re: question about sending mail and postfix
  - From: Adam Hardy <adam.ant@cyberspaceroad.com>
- Re: question about sending mail and postfix
  - From: Camaleón <noelamac@gmail.com>
- Re: question about sending mail and postfix
  - From: Adam Hardy <adam.ant@cyberspaceroad.com>
- trying to restrict exim smtp to specific IP
  - From: Adam Hardy <adam.ant@cyberspaceroad.com>
- Re: trying to restrict exim smtp to specific IP
  - From: Camaleón <noelamac@gmail.com>
- Re: trying to restrict exim smtp to specific IP
  - From: Adam Hardy <adam.ant@cyberspaceroad.com>
- Re: trying to restrict exim smtp to specific IP
  - From: Camaleón <noelamac@gmail.com>
- Re: trying to restrict exim smtp to specific IP
  - From: Adam Hardy <adam.ant@cyberspaceroad.com>
- Re: trying to restrict exim smtp to specific IP
  - From: Camaleón <noelamac@gmail.com>
- Re: trying to restrict postfix use of port [was trying to restrict exim smtp to specific IP]
  - From: Adam Hardy <adam.ant@cyberspaceroad.com>
- Re: trying to restrict postfix use of port [was trying to restrict exim smtp to specific IP]
  - From: Camaleón <noelamac@gmail.com>
- Re: trying to restrict postfix use of port
  - From: Adam Hardy <adam.ant@cyberspaceroad.com>
- Re: trying to restrict postfix use of port
  - From: Camaleón <noelamac@gmail.com>
- Re: trying to restrict postfix use of port
  - From: Camaleón <noelamac@gmail.com>
- Re: trying to restrict postfix use of port
  - From: Adam Hardy <adam.ant@cyberspaceroad.com>

Prev by Date: Multi-repository project manager
Next by Date: Re: Synchronize two computers
Previous by thread: Re: trying to restrict postfix use of port
Next by thread: Re: trying to restrict postfix use of port
Index(es):
- Date
- Thread