[SOLVED] Using hosts.allow to allow only postfix to use port 25

Mogget · 03-27-2009, 08:08 PM

My question is.

Is it possible to use /etc/hosts.allow or something similar to block everything except postfix smtp on my port 25 out and in? I've opened up the port with iptables but after walking through the man pages i don't see any option to say which program can use the open port in iptables.

Thanks in advance for taking your time to answer this question.

chrism01 · 03-28-2009, 01:27 AM

Only one program at a time can bind to a specific port, so if postfix has attached to that port (ie usual setup) then you don't need to worry.
Postfix if an SMTP server, so it won't give up that port unless you kill postfix.
Note that a port isn't really 'open' unless a program is attached to it. Its a bit of a misnomer, its not like a porthole on a ship...

Mogget · 03-28-2009, 04:32 AM

I do know that if there is nothing listening to the port then the port can be considered "closed" but i didn't know that one can only have one listening service per port. Thank you very much to for clearing that up for me.

reptiler · 03-28-2009, 04:36 AM

The only thing I know of that is capable of limiting a service to a specific port, or the other way around, is SELinux.
Possibly also AppArmor can do it, but I can't confirm that.