Old 01-22-2010, 06:29 AM
Camaleón
 
trying to restrict postfix use of port

On Fri, 22 Jan 2010 00:44:34 +0000, Adam Hardy wrote:

> Camaleón on 21/01/10 20:04, wrote:
>> A mail server has to listen at least in "loopback:25" so it can receive
>> and process e-mails internally, coming from the host itself.
>
> Aha. Now we get to the crux of the matter.
>
> Is it a feature of SMTP itself, that it cannot send an email without
> port 25 because it has to receive the email it is going to send first,
> even if only locally as in my case, but nevertheless on port 25?

I'm not sure you can change that (at least for the loopback interface),
but you can try it. Here is the doc to instruct Postfix to listen on
another port:

***
16. How can I get Postfix to listen on a port other than 25?
http://www.seaglass.com/postfix/faq.html#chprt
***

But remember that "obfuscation" is not, by any means, a synonym of
"security" :-)

Greetings,

--
Camaleón


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 01-22-2010, 12:25 PM
Eduardo M KALINOWSKI
 

On Thu, 21 Jan 2010, Adam Hardy wrote:

> Aha. Now we get to the crux of the matter.
>
> Is it a feature of SMTP itself, that it cannot send an email without
> port 25 because it has to receive the email it is going to send
> first, even if only locally as in my case, but nevertheless on port
> 25?


I don't know about postfix, but exim can receive mail via stdin, if
called with some option. Generally there is a link (/usr/lib/sendmail)
that serves that purpose.


But I'm not sure if it will work if exim is not running as a daemon.
You might want to ask the exim mailing list.



--
No house is childproofed unless the little darlings are in straitjackets.

Eduardo M KALINOWSKI
eduardo@kalinowski.com.br


 
Old 01-22-2010, 12:57 PM
John Hasler
 

Eduardo writes:
> ...but exim can receive mail via stdin, if called with some
> option. Generally there is a link (/usr/lib/sendmail) that serves that
> purpose.

> But I'm not sure if it will work if exim is not running as a daemon.

It will.
--
John Hasler


 
Old 01-25-2010, 12:15 AM
Adam Hardy
 

Adam Hardy on 21/01/10 17:36, wrote:
> Camaleón on 21/01/10 16:27, wrote:
>>>>> The point is that I don't want to have port 25 open to the world,
>>>>> since I don't want to receive any emails on this system, I just want
>>>>> to send.
>> [snipped]
>> That is the standard setup for Postfix. But that does not mean your
>> host is acting as an "open relay". Anyway, you can also tweak that
>> behaviour.
>>> All I'm saying is that I don't need this, and I'd like to find a way to
>>> shut it down whilst leaving the outbound mail delivery intact.
>>
>> mynetworks_style = host
>>
>> or
>> mynetworks = 127.0.0.0/8
>
> I am using mynetworks_style already but it doesn't stop SMTP listening
> on port 25.
>
> I guess this is just a relatively new situation coming with the advent
> of vservers that just isn't possible.
>
> I have set smtp_client_restrictions = reject so at least postfix
> responds to external SMTP requests with an aggressive sounding "Client
> host rejected: access denied" message.

One small problem having postfix listen unnecessarily to the whole world is that
syslog logs all spam merchants' attempts to abuse my postfix as an open relay. I
guess I can ignore them but I wish I didn't even get them.



 
Old 01-25-2010, 01:08 AM
Stan Hoeppner
 

Adam Hardy put forth on 1/24/2010 7:15 PM:
> Adam Hardy on 21/01/10 17:36, wrote:
>> Camaleón on 21/01/10 16:27, wrote:
>>>>>> The point is that I don't want to have port 25 open to the world,
>>>>>> since I don't want to receive any emails on this system, I just want
>>>>>> to send.
>>> [snipped]
>>> That is the standard setup for Postfix. But that does not mean your
>>> host is acting as an "open relay". Anyway, you can also tweak that
>>> behaviour.
>>>> All I'm saying is that I don't need this, and I'd like to find a way to
>>>> shut it down whilst leaving the outbound mail delivery intact.
>>>
>>> mynetworks_style = host
>>>
>>> or
>>> mynetworks = 127.0.0.0/8
>>
>> I am using mynetworks_style already but it doesn't stop SMTP listening
>> on port 25.
>>
>> I guess this is just a relatively new situation coming with the advent
>> of vservers that just isn't possible.
>>
>> I have set smtp_client_restrictions = reject so at least postfix
>> responds to external SMTP requests with an aggressive sounding "Client
>> host rejected: access denied" message.
>
> One small problem having postfix listen unnecessarily to the whole world
> is that syslog logs all spam merchants' attempts to abuse my postfix as
> an open relay. I guess I can ignore them but I wish I didn't even get them.

Sorry I missed this thread earlier. Open /etc/postfix/master.cf and comment out
the following line with a leading #:

smtp inet n - - - - smtpd

Save the file, then execute /etc/init.d/postfix restart

You are now no longer listening for smtp connections on TCP 25, but can still
send mail generated on the local machine out through the Postfix smtp client
using the Postfix sendmail command.

If you need to be able to relay email from internal clients outbound to the net,
uncomment the following line in /etc/postfix/master.cf to enable the secure
smtpd submission listener on TCP 587:

#587 inet n - n - - smtpd -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes

Again, execute /etc/init.d/postfix restart to enable the listener daemon.
Configure the client MUA as you would a home PC with ISP mail. Tell it to
submit to TCP 587 on the server's IP address, enter a proper local username and
password. Your Postfix should now be relaying submission mail outbound to the
world whilst not listening on the standard smtp port, TCP 25.

Let me know if you need further assistance.

--
Stan
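
A check to run after the master.cf edit described in the post above, added here as an example and not part of the original thread: it reads master.cf the way Postfix does (comment lines skipped, indented lines continuing the previous entry) and lists every enabled inet listener with how it is bound. The sample file, its 127.0.0.1:10025 entry and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list the inet listeners a master.cf enables.
# Output, one line per enabled inet service: "<bind> <service> <command>"
audit_master_cf() {
    awk '
    # Emit the logical line collected so far if it is an inet service.
    function emit(   n, f, svc, bind) {
        if (entry == "") return
        n = split(entry, f, /[ \t]+/)
        entry = ""
        if (n < 8 || f[2] != "inet") return
        svc = f[1]
        # No address given: binds per main.cf inet_interfaces (default: all).
        bind = "default-bind"
        if (svc ~ /^(127\.[0-9.]+|localhost|\[::1\]):/) bind = "loopback-only"
        else if (svc ~ /:/) bind = "bound-address"
        print bind, svc, f[8]
    }
    /^[ \t]*(#|$)/ { next }                 # comment and blank lines are skipped
    /^[ \t]/ { if (entry != "") entry = entry " " $0; next }  # continuation line
    { emit(); entry = $0 }                  # a new logical line starts here
    END { emit() }
    ' "$@"
}

# Constructed sample file. $1 prefixes the smtp line: "" = enabled, "#" = commented out.
sample_master_cf() {
    printf '%s\n' \
        "${1}smtp      inet  n - - - - smtpd" \
        "#587      inet  n - n - - smtpd" \
        "#  -o smtpd_enforce_tls=yes" \
        "127.0.0.1:10025 inet n - n - - smtpd" \
        "  -o smtpd_client_restrictions=permit_mynetworks,reject" \
        "pickup    fifo  n - - 60 1 pickup" \
        "smtp      unix  - - - - - smtp"
}

echo "before:"; sample_master_cf ""  | audit_master_cf
echo "after:";  sample_master_cf "#" | audit_master_cf
```

Run it against the real file as audit_master_cf /etc/postfix/master.cf. It reads only master.cf, so an entry reported as default-bind still follows whatever inet_interfaces is set to in main.cf.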


 
Old 01-25-2010, 06:39 AM
Camaleón
 

On Mon, 25 Jan 2010 01:15:25 +0000, Adam Hardy wrote:

> One small problem having postfix listen unnecessarily to the whole world
> is that syslog logs all spam merchants' attempts to abuse my postfix as
> an open relay. I guess I can ignore them but I wish I didn't even get
> them.

If your provider is not capable of closing port "xx" for you, consider
using your own firewall ;-)

Greetings,

--
Camaleón


 
Old 01-25-2010, 10:53 PM
Adam Hardy
 

Stan Hoeppner on 25/01/10 02:08, wrote:
> Adam Hardy put forth on 1/24/2010 7:15 PM:
>> Adam Hardy on 21/01/10 17:36, wrote:
>>> Camaleón on 21/01/10 16:27, wrote:
>>>>>>> The point is that I don't want to have port 25 open to the world,
>>>>>>> since I don't want to receive any emails on this system, I just want
>>>>>>> to send.
>>>> [snipped]
>>>> That is the standard setup for Postfix. But that does not mean your
>>>> host is acting as an "open relay". Anyway, you can also tweak that
>>>> behaviour.
>>>>> All I'm saying is that I don't need this, and I'd like to find a way to
>>>>> shut it down whilst leaving the outbound mail delivery intact.
>>>>
>>>> mynetworks_style = host
>>>>
>>>> or
>>>> mynetworks = 127.0.0.0/8
>>>
>>> I am using mynetworks_style already but it doesn't stop SMTP listening
>>> on port 25.
>>>
>>> I guess this is just a relatively new situation coming with the advent
>>> of vservers that just isn't possible.
>>>
>>> I have set smtp_client_restrictions = reject so at least postfix
>>> responds to external SMTP requests with an aggressive sounding "Client
>>> host rejected: access denied" message.
>>
>> One small problem having postfix listen unnecessarily to the whole world
>> is that syslog logs all spam merchants' attempts to abuse my postfix as
>> an open relay. I guess I can ignore them but I wish I didn't even get them.
>
> Sorry I missed this thread earlier. Open /etc/postfix/master.cf and comment out
> the following line with a leading #:
>
> smtp inet n - - - - smtpd
>
> Save the file, then execute /etc/init.d/postfix restart
>
> You are now no longer listening for smtp connections on TCP 25, but can still
> send mail generated on the local machine out through the Postfix smtp client
> using the Postfix sendmail command.


Stan,
that was the silver bullet I was looking for. I was v. hesitant about going into
the master.cf and messing anything up, but that change does exactly what I wanted.


Thanks v much
Adam

