Stephen Satchell:
> I have a mail server running PostFix 3.4.13 (Ubuntu 20.04) and I've
> implemented several suggestions from the mail list to stop
> ne'er-do-wells. Looking at the currently only ports, I see this for
> PostFix:
>
> > tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN
> > 1427/master
> > tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
> > 1427/master
>
> The server has three interfaces: 127.0.0.1, 10.1.1.33, and a public IP
> address interface. What I want to do is only allow 587 on the first two
> interfaces while enabling port 25 on all three interfaces
So instead of
submission inet... smtpd
in master.cf, specify the IP address and port:
127.0.0.1:submission inet... smtpd
10.1.1.331:submission inet... smtpd
You can't do this with "smtpd -o" options, because such options are
implemented by smtpd, and it is the master that listens on sockets
before it starts an smtpd process. A chicken and egg thing, as it were.
Wietse
