>> I thought my postfix setup was configured to send mail on port 587 and >> receive mail on port 25, so I was surprised to find that I could send >> mail from the local machine on port 25. Is my config OK? > > Postfix never sends mail *from* TCP 25 or TCP 587. These are receive > ports. Outbound connections occur on high ports. You're not properly > describing your use case, actually not at all. Would you please?
You're right, I didn't word that correctly. I thought mail received on port 25 could only be delivered locally with my config, but I was able to send mail to any destination via port 25. The mail client and mail server are on the same machine. > Provide full 'postconf -n' output, never main.cf snippets. This was in > your list welcome message. If you'd posted that we already have an > answer for you. My config works, but does it look OK from a security perspective? # postconf -n command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix data_directory = /var/lib/postfix debug_peer_level = 2 debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5 home_mailbox = .maildir/ html_directory = no inet_protocols = ipv4 mail_owner = postfix mailq_path = /usr/bin/mailq manpage_directory = /usr/share/man message_size_limit = 40960000 mydestination = example1.com example2.com myhostname = example1.com mynetworks_style = host newaliases_path = /usr/bin/newaliases postscreen_bare_newline_action = enforce postscreen_bare_newline_enable = yes postscreen_greet_action = enforce postscreen_non_smtp_command_action = enforce postscreen_non_smtp_command_enable = yes postscreen_pipelining_action = enforce postscreen_pipelining_enable = yes queue_directory = /var/spool/postfix readme_directory = no sample_directory = /etc/postfix sendmail_path = /usr/sbin/sendmail setgid_group = postdrop smtp_tls_exclude_ciphers = aNULL smtpd_recipient_restrictions = reject_unauth_destination, permit smtpd_tls_CAfile = /etc/ssl/postfix/cacert.pem smtpd_tls_auth_only = yes smtpd_tls_cert_file = /etc/ssl/postfix/newcert.pem smtpd_tls_exclude_ciphers = aNULL smtpd_tls_key_file = /etc/ssl/postfix/newkey.pem smtpd_tls_security_level = may smtpd_tls_session_cache_timeout = 3600s tls_random_source = dev:/dev/urandom unknown_local_recipient_reject_code = 550 virtual_alias_maps = hash:/etc/postfix/virtual postconf: warning: /etc/postfix/main.cf: unused parameter: smtpd_relay_restrictions= - Grant
