Securing Postfix

Securing Postfix

Postfix is a replacement for Sendmail which has several security advantages over Sendmail. Postfix consists of several small programs that perform their own small task. And almost all programs run in a chroot jail. These are just a few examples why Postfix is recommended over Sendmail.

Linux servers that are not dedicated mail or relay servers should not accept external emails. However, it is important for production servers to send local emails to a relay server.

Before you continue on a Red Hat system, make sure Postfix is activated using the following command:

# alternatives –set mta /usr/sbin/sendmail.postfix

The following parameters in /etc/postfix/main.cf should be set to ensure that Postfix accepts only local emails for delivery:

mydestination = $myhostname, localhost.$mydomain, localhost
inet_interfaces = localhost

The parameter mydestination lists all domains to receive emails for. The parameter inet_interfaces specifies the network to liston on.

Once you’ve configured Postfix, restart the mail system with the following command:

# /etc/init.d/postfix restart

To verify whether Postfix is still listening for incoming network request, you can run one of the following commands from another node:

# nmap -sT -p 25 [ip address]
# telnet [ip address] 25

Don’t run these commands on the local host since Postfix is supposed to accept connections from the local node.

Tags: postfix, Securing

Trackback URI | Comments RSS

You must be logged in to post a comment.

ServerBuddies Support Blog

Linux Support Blog

Leave a Reply

E-mail Updates

Archives

Categories

Links