My existing mail server is running CentOS 4 (yes, VERY old -- which is a testament as to the continuing quality of Postfix), with port 25 exposed to the whole wide world. Everything else is restricted by an IPTABLES firewall and TCPwrapper. I was going to wait for CentOS 8 to be released and get some run time by early adopters, but my poor mail server is starting to show signs of wearing out and I may have to pull the trigger sooner.
My question for the user community is this: any gotchas in bringing up Postfix on CentOS 7.6.1810 from the Red Hat distribution? Integration with the version of Dovecot in 7.6 from same?

Other questions: I'm not going to port over the mail directories from the old server. Everything will be from scratch, so conversions are not an issue. I will be carrying over my header_checks file, though.

Do I need to buy a certificate for my domain satchell.net, or will a self-signed certificate be sufficient? The MX is mail.satchell.net for that domain. The other domains described on the old box have expired, so I won't be bringing those over.

Significant services running on the new box: Postfix, Dovecot, BIND 9, NTP (actually chrony).

Outside access and inside access are split using VLANs on an HP switch (already in my network) to the one and only Ethernet port on the new server, which is a laptop board in a mini-tower case. The outside port will be on an external (access to the world) netblock (75.140.42.118/29?), while the inside port will be in the 10.1.1.0/24 netblock. If needed, I can also have the inside port be on the 10.1.2.0/24 and 10.1.3.0/24 to access isolated equipment.

I'm planning on exposing only port 25 (smtp) and rate-limited ICMP to the world. All the rest of the ports, TCP and UDP, plus other IP protocols, will be blocked to outsiders. The local LAN has access to everything. I'm considering how to handle output port blocking for those services not needed by a mail server.
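
One way to express the filtering policy described in the post above, including the outbound side, as an added example that is not part of the original message. The VLAN interface names (`eth0.10`, `eth0.20`), the ICMP rate, and the choice of outbound services (SMTP, DNS for BIND, NTP for chrony) are assumptions.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset for a mail host that
# exposes only SMTP and rate-limited ping to the outside VLAN.
# Interface names and the ICMP rate are assumptions, not values from the post.
mail_fw_rules() {
    out_if=${1:-eth0.10}     # assumed VLAN sub-interface facing the internet
    in_if=${2:-eth0.20}      # assumed VLAN sub-interface facing the LAN
    lan=${3:-10.1.1.0/24}    # inside netblock named in the post
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Inbound: loopback, replies to our own traffic, then the LAN.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -i $in_if -s $lan -j ACCEPT
# Inbound from the world: SMTP and rate-limited echo requests only.
-A INPUT -i $out_if -p tcp --dport 25 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -i $out_if -p icmp --icmp-type echo-request -m limit --limit 5/second --limit-burst 10 -j ACCEPT
# Outbound: default DROP, then only what the listed services need.
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o $in_if -d $lan -j ACCEPT
# Postfix delivering mail to remote MX hosts.
-A OUTPUT -o $out_if -p tcp --dport 25 -j ACCEPT
# BIND resolving names (UDP, with TCP for large answers).
-A OUTPUT -o $out_if -p udp --dport 53 -j ACCEPT
-A OUTPUT -o $out_if -p tcp --dport 53 -j ACCEPT
# chrony talking to upstream time servers.
-A OUTPUT -o $out_if -p udp --dport 123 -j ACCEPT
-A OUTPUT -o $out_if -p icmp --icmp-type echo-request -j ACCEPT
COMMIT
EOF
}

# Print the ruleset; arguments override the assumed interfaces and LAN block.
mail_fw_rules "$@"
```

Piping the output to `iptables-restore --test` parses the ruleset without loading it. ICMP errors such as fragmentation-needed are still accepted in both directions through the `RELATED` state, so path MTU discovery keeps working under the DROP policies.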