[vox-tech] Re:mail server config question

David Rosenstrauch darose at darose.net
Tue Apr 11 07:22:51 PDT 2006


Whoops - I think I confused you here.  I assumed something about your 
setup that apparently isn't correct and so gave you the wrong advice.

As you're obviously aware, an SMTP server can both receive incoming mail 
and send outgoing mail.  However, very often someone will configure 
their network to have their SMTP server do only 1 of these 2 functions.  
That's what I have.  I actually have 2 SMTP servers: a mail drop 
server out on the Net that receives email for my domain, and my main 
server in my home that I use for sending outgoing email.

On the mail drop machine the SMTP server is configured to only receive 
emails, and not send any.  On the home server, my firewall blocks the 
SMTP port from receiving any email.  Squirrelmail runs on my home 
server.  I use fetchmail to retrieve messages delivered to the mail 
drop, and pull them down to my home server.

I guess I had assumed that you had a similar setup.  The configuration 
that I've been describing to you is that of my home server (exim + 
courier-imap + squirrelmail + firewall), and since I don't receive any 
messages there directly that explains why I have a firewall blocking the 
SMTP port.

I see now that you want to do this all on 1 box.  And that certainly is 
do-able - even while still managing to block open relaying of messages.  
If you want the SMTP server on this box to be able to both send 
and receive messages, while blocking relaying, configure your setup as 
follows:

* use an SMTP server that is pretty well configured out of the box to 
block relaying.  (Most of the major ones are these days I think.)  I use 
and like exim, which has this.

* configure your SMTP server so that it only will accept outgoing mail 
from specific machines on your LAN - or perhaps even just restrict this 
to localhost if there are no other machines on your LAN that you'll be 
sending email from.  In my SMTP server (exim) I configure that with this 
line:

hostlist   relay_from_hosts = 127.0.0.1 : ::::1 : 192.168.0.0/24

* configure your SMTP server so that it only will accept incoming mail 
addressed to specific domains.  In exim I configure that with this line:

domainlist local_domains = @:localhost:darose.net

* open the SMTP port in the firewall


Apologies for the confusion.

BTW, re: dovecot: I really can't offer any advice there having not used 
it.  I can lend a hand with courier-imap, if you should decide to go 
that way.

DR


Cylar Z wrote:
> David:
> 
> I double-checked and it turns out that the SMTP port
> *is* open on my iptables configuration. I don't know
> how it opened (maybe postfix did it) because I'm
> positive it was closed at the time I finished
> installing FC5 on the system. At that time I went in
> and opened 80 and 22, which is why I initially said
> only those were opened.
> 
> Out of curiosity I shut the SMTP port, and sure
> enough, mail was no longer getting through *to* the
> server. (I was still able to send mail out to other
> domains.) Receive capability was only restored when I
> opened the port again and rebooted.
> 
> That having been said - do I need to worry about open
> relays or not? I would think *not* because I edited
> the Postfix's main.cf to "only forward mail from the
> local machine." In your opinion, did I go far enough?


