Latest LQ Deal: Latest LQ Deals
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 07-01-2010, 11:14 AM   #1
LQ Newbie
Registered: Jun 2008
Posts: 5

Rep: Reputation: 0
Question Postfix security

Hi all... venturing into unfamiliar territory so I'm hoping someone can help me and make things a little more understandable for me.

I have setup Postfix on a standalone server connected directly to the internet. I have got inbound and outbound email working for the most part, but I am worried about security.

My fear is that if I leave port 25 open to the outside world spammers will find this and start relaying mail through it and eventually blacklisting the IP attached to this box.

For now, I am hosting mail for a single domain and single user (me) with a few aliases. I plan on expanding to IMAP and SMTP access from the outside at some point, but for now I've been using Mutt in a shell and it's fine for my needs for now.

Here are my current Postfix settings:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
inet_interfaces = all
inet_protocols = ipv4
mailbox_size_limit = 0
mydestination =,, , localhost,
myhostname =
mynetworks =
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost =
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)

I'm thinking the mynetworks parameter will stop all mail relay from the outside world, but I have port 25 open and I can telnet to it from the internet.

Again, this is a standalone host with a public IP address (no NAT) and a Shorewall/IPTABLES firewall configured.

Any insight appreciated
Old 07-01-2010, 04:04 PM   #2
Senior Member
Registered: Dec 2008
Location: Louisville, OH
Distribution: Debian, CentOS, Slackware, RHEL, Gentoo
Posts: 1,833

Rep: Reputation: 167Reputation: 167
You should be considering SMTP AUTH at a minimum and verifying you're not an open relay through one of the many checkers online ( has a few nice tools). It would also be useful to read about how to close an open relay and what steps you can take against being an open relay. As you increase incoming mail you're likely going to want a spam filter of some kind too and to implement some of the more advanced spam filtering techniques like greylisting, uri rbl, etc.
Old 07-01-2010, 04:22 PM   #3
LQ Newbie
Registered: Jun 2008
Posts: 5

Original Poster
Rep: Reputation: 0
Thanks so much! The mxtoolbox site is a great resource, I was able to scan my mailserver and it IS NOT an open relay!!! Success

Now that I've got a minimal config I can focus on making it be more accessable
Old 07-01-2010, 04:45 PM   #4
Registered: Aug 2006
Distribution: Slackware
Posts: 804

Rep: Reputation: 110Reputation: 110
@ rweaver: I'm gonna have to thank you for that site as well. Never knew it existed.


email, postfix, security

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
postfix plain password auth with tls security m2azer Linux - Newbie 1 01-13-2009 10:48 PM
How to: POSTFIX disable relay / forwarding (mail security) redhat 5.1 musical_spirit Linux - Newbie 2 05-19-2008 06:39 PM
How to configure Postfix to enhance the security? zazem Linux - Security 4 05-14-2008 08:41 AM
postfix security events gabsik Linux - Security 4 03-14-2007 03:10 AM
Postfix+OpenLDAP+Oracle+Security lynos Linux - Networking 0 08-29-2005 08:23 AM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 05:12 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration