Adam Hardy put forth on 1/24/2010 7:15 PM: > Adam Hardy on 21/01/10 17:36, wrote: >> Camaleón on 21/01/10 16:27, wrote: >>>>>> The point is that I don't want to have port 25 open to the world, >>>>>> since I don't want to receive any emails on this system, I just want >>>>>> to send. >>> [snipped] >>> That is the standard setup for Postfix. But that does not mean your >>> host is an acting as an "open relay". Anyway, you can also tweak that >>> behaviour. >>>> All I'm saying is that I don't need this, and I'd like to find a way to >>>> shut it down whilst leaving the outbound mail delivery intact. >>> >>> mynetworks_style = host >>> >>> or >>> mynetworks = 127.0.0.0/8 >> >> I am using mynetworks_style already but it doesn't stop SMTP listening >> on port 25. >> >> I guess this is just a relatively new situation coming with the advent >> of vservers that just isn't possible. >> >> I have set smtp_client_restrictions = reject so at least postfix >> responds to external SMTP requests with an aggressive sounding "Client >> host rejected: access denied" message. > > One small problem having postfix listen unnecessarily to the whole world > is that syslog logs all spam merchants attempts to abuse my postfix as > an open relay. I guess I can ignore them but I wish I didn't even get them.
Sorry I missed this thread earlier. Open /etc/postfix/master.cf and comment out the following line with a leading #: smtp inet n - - - - smtpd Save the file, then execute /etc/init.d/postfix restart You are now no longer listening for smtp connections on TCP 25, but can still send mail generated on the local machine out through the Postfix smtp client using the Postfix sendmail command. If you need to be able to relay email from internal clients outbound to the net, uncomment the following line in /etc/postfix/master.cf to enable the secure smtpd submission listener on TCP 587: #587 inet n - n - - smtpd -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes Again, execute /etc/init.d/postfix restart to enable the listener daemon. Configure the client MUA as you would a home PC with ISP mail. Tell it to submit to TCP 587 on the server's IP address, enter a proper local username and password. Your Postfix should now be relaying submission mail outbound to the world whilst not listening on the standard smtp port, TCP 25. Let me know if you need further assistance. -- Stan -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
