On 28.11.2016 at 19:18, rich.gre...@hushmail.com wrote:
> Okay, I am already using letsencrypt.org for my port 443 traffic. So
> once I have it extended to also cover SMTP on port 587, would it be
> acceptable to disable port 25, or is port 25 still needed (perhaps to
> suggest to clients that it isn't accepting any traffic except 587)

If you do not expect to _receive_ any _external_ emails on that server/machine, you can disable port 25 and just stick to port 587.

On the other hand if you just narrow down access by appropriate postfix configuration, nobody can access it unless you permit it specifically in those configuration settings. Then it doesn't hurt being there. You might find some attempts of relay, maybe. The availability of port 587 for sure is no guarantee other (malicious) parties don't go for port 25 as well...

If you really want to prevent port 25 traffic inbound, block it globally on the external interface in the firewall.

> I have to admit, I have no idea how letsencrypt.org works. For years, I just
> made self-signed certificates and it worked okay, until some mover-shaker
> type decided we can't do that anymore, and made it brutally difficult to
> access my website for typical users. Out of concern of the same happening to
> email clients, I won't make any more self-signed certificates. I never
> expected that letsencrypt.org would support email services as well, so their
> HOWTO docs for SMTP encryption is my next stop.

I use the same certificate for postfix, apache, dovecot, proftpd, etc... (from cacert.org).

-- 
Florian Piekert  flo...@floppy.org
Spargelweg 5  Telephone+Fax: +49-700-00floppy
38179 Schwülper-Walle/Germany  +49-179- 3928582
===========================================================================
Note: this message was sent by me *only* if the eMail message contains a correct pgp signature corresponding to my address at flo...@floppy.org. Do you need my PGP public key? Check out http://www.floppy.org or send me an email with the subject "send pgp public key" to this address of mine. Thx!
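An added example, not part of the original message: a small check that reads Postfix `master.cf` text and reports whether a port 25 listener is active and whether the submission (587) service carries its own TLS and SASL overrides. The sample file is constructed, only the plain `-o name=value` form is parsed, and settings inherited from `main.cf` are not considered.

```python
# Added example: audit master.cf text for the port 25 / 587 split.
# SAMPLE is constructed; only the plain "-o name=value" form is parsed.
SAMPLE = """\
#smtp      inet  n       -       y       -       -       smtpd
submission inet  n       -       y       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
pickup     unix  n       -       y       60      1       pickup
"""

def inet_services(text):
    """Map port/service name -> {-o overrides} for active inet listeners."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                           # blank line or comment
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()   # continuation line
        else:
            logical.append(raw.strip())
    services = {}
    for line in logical:
        f = line.split()
        if len(f) < 8 or f[1] != "inet":
            continue                           # not a network listener
        args = f[8:]                           # everything after the command
        opts = dict(args[i + 1].split("=", 1) for i, tok in enumerate(args[:-1])
                    if tok == "-o" and "=" in args[i + 1])
        services[f[0].rsplit(":", 1)[-1]] = opts   # "127.0.0.1:smtp" -> "smtp"
    return services

def audit(text):
    """Return findings about the port 25 and submission listeners."""
    svcs = inet_services(text)
    findings = []
    if "smtp" in svcs or "25" in svcs:
        findings.append("port 25 listener active")
    sub = svcs.get("submission", svcs.get("587"))
    if sub is None:
        return findings + ["no submission (587) listener"]
    if sub.get("smtpd_tls_security_level") != "encrypt":
        findings.append("submission: no smtpd_tls_security_level=encrypt override")
    if sub.get("smtpd_sasl_auth_enable") != "yes":
        findings.append("submission: no smtpd_sasl_auth_enable=yes override")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE) or "no findings")
```

An active port 25 listener is reported as a finding to review, not as an error: a server that receives external mail still needs it.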