JP Vossen on 18 Dec 2008 14:33:50 -0800

[PLUG] Need help with Postfix config

My Covad/Speakeasy went down Monday and isn't back yet, so I've moved my 
server to a colo, but I'm a little stuck getting some parts working. 
Basically, since it was on a LAN DMZ before, I need to lock it down a bit.

Port 25 was always wide open to the world, so I have Postfix locked down 
pretty well for relaying & spam.  Which is the problem.  Now my clients 
can't use that server to send outgoing (which I want to do).

I have worked around the problem for now (since you are reading this) by 
adding my FiOS IPA to my Postfix 'mynetworks' in /etc/postfix/, 
but that's not an ideal solution for various reasons.  Also, I got 
IMAP/SSL working on 993, but have nothing for SMTP yet.  What I *think* 
I want to do is leave 25/TCP alone (for incoming mail from Internet 
servers) and run SMTP/SSL on 465/TCP, and authenticate users on that 
port via PAM for outgoing mail.

Can anyone a) suggest something better or b) provide Postfix config clues?

BTW I have enough points in CAcert to get my SSL certs from there, which 
I did for the IMAP/SSL and can do for the SMTP/SSL as well.

JP Vossen, CISSP
My Account, My Opinions     |=========|
"Microsoft Tax" = the additional hardware & yearly fees for the add-on
software required to protect Windows from its own poorly designed and
implemented self, while the overhead incidentally flattens Moore's Law.
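
One way to lay out the setup described in the message (25/TCP left for inbound mail, SMTP/SSL with authentication on 465/TCP), as an added example that is not part of the original post. It assumes Cyrus SASL with saslauthd as the bridge to PAM; the certificate and key paths and the host name are placeholders.

```conf
# --- /etc/postfix/main.cf (additions) ---
# TLS certificate and key used by the 465 listener (placeholder paths).
smtpd_tls_cert_file = /etc/ssl/certs/mail.example.org.pem
smtpd_tls_key_file  = /etc/ssl/private/mail.example.org.key

# SASL stays off globally, so port 25 never offers AUTH to the Internet.
smtpd_sasl_auth_enable = no
smtpd_sasl_type = cyrus
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
# If AUTH is ever enabled on a STARTTLS port, refuse it until TLS is up.
smtpd_tls_auth_only = yes

# Port 25: accept mail for local domains, relay only for mynetworks.
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination

# --- /etc/postfix/master.cf ---
# Existing port 25 listener, shown for context.
smtp      inet  n       -       n       -       -       smtpd
# Port 465: TLS from the first byte, login required before any relaying.
# The chroot column is "n" so smtpd can reach the saslauthd socket.
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject

# --- smtpd.conf in the Cyrus SASL config directory (location varies) ---
# Hand plaintext credentials to saslauthd, which is started with "-a pam".
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
```

With this in place and Postfix reloaded, the client address no longer needs to be listed in `mynetworks`. An EHLO on port 25 should show no AUTH line, and relaying through 465 should fail until the client has authenticated.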
