Hi everyone,

maybe some body can tell me how can I secure postfix ?

After standard installation it looks like everybody using telnet can connect to my server and send email...

How can I restrict telnet connection to server ?


I`m using Debian 4 Etch.


dlugasx

I don't think you've really understood what it means to use telnet to connect to postfix. Telnet is just used as a very basic network application which allows direct interaction with something at the other end of a TCP connection. you are not literally "telnetting" to it, despite the language used, as it is not the telnet protocol being used, just basic TCP. You can't block the use of the telnet application itself as there is nothing within SMTP to allow the mail client to identify what it is - thunderbird, outlook, mutt, telnet... all say the same things over SMTP.

If you forget about the telnet side completely, if you want to restrict access you can...

- use ssl / tls instead to encrypt the connection (telnet connections will still work just super if used over a ssl tunnel application like stunnel)

- restrict connections to certain IP addresses (again telnet is still completely possible from those permitted sources but no connectivity at all is allowed from other addresses)

there is *nothing* wrong with using telnet to debug things, it is not evil, and if you think it is, then you're mistaken.

just make sure the sever is no open relay.
so people using telnet to sent mail are not allowed.

How can I check it ?


I found some website where You can check if server is open relay or not

http://www.spamhelp.org/shopenrelay/

It looks like postfix is not open relay by default.

by default postfix is not an open relay, but you can surely misconfigure postfix to make it an open relay..

Always a good idea to test..