I have a mail server running PostFix 3.4.13 (Ubuntu 20.04) and I've
implemented several suggestions from the mail list to stop
ne'er-do-wells. Looking at the currently only ports, I see this for
PostFix:
tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN 1427/master
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 1427/master
The server has three interfaces: 127.0.0.1, 10.1.1.33, and a public IP
address interface. What I want to do is only allow 587 on the first two
interfaces while enabling port 25 on all three interfaces
In main.cf, "inet_interfaces = all"
Current master.cf for submission:
submission inet n - y - - smtpd
-o syslog_name=postfix/submission
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_tls_auth_only=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
My question is, can I add the following line after the "submission" line
to limit the interface binding for submission?
-o { inet_interfaces = 127.0.0.1,10.1.1.33 }
If not, what is the proper method and syntax?
(I might decide to limit "submission" to just the 10.1.1.33 interface,
especially if having two addresses raises a problem.)
