Linux Users' Group of Davis
Page last updated:
2006 Apr 11 12:06

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Re: [vox-tech] Re:mail server config question

Whoops - I think I confused you here. I assumed something about your setup that apparently isn't correct and so gave you the wrong advice.

As you're obviously aware, an SMTP server can both receive incoming mail and send outgoing mail. However, very often someone will configure their network to have their SMTP server do only 1 of these 2 functions. That's what I have. I actually have 2 SMTP servers: a mail drop server out on the Net that receives email for my domain, and my main server in my home that I use for sending outgoing email.

On the mail drop machine the SMTP server is configured to only receive emails, and not send any. On the home server, my firewall blocks the SMTP port from receiving any email. Squirrelmail runs on my home server. I use fetchmail to retrieve messages delivered to the mail drop, and pull them down to my home server.

I guess I had assumed that you had a similar setup. The configuration that I've been describing to you is that of my home server (exim + courier-imap + squirrelmail + firewall), and since I don't receive any messages there directly that explains why I have a firewall blocking the SMTP port.

I see now that you want to do this all on 1 box. And that certainly is do-able - even while still managing to block open relaying of messages. If you want the SMTP server on this box to be able to both send and receive messages, while blocking relaying, configure your setup as follows:

* use an SMTP server that is pretty well configured out of the box to block relaying. (Most of the major ones are these days I think.) I use and like exim, which has this.

* configure your SMTP server so that it only will accept outgoing mail from specific machines on your LAN - or perhaps even just restrict this to localhost if there are no other machines on your LAN that you'll be sending email from. In my SMTP server (exim) I configure that with this line:

hostlist relay_from_hosts = : ::::1 :

* configure your SMTP server so that it only will accept incoming mail addressed to specific domains. In exim I configure that with this line:

domainlist local_domains = @:localhost:darose.net

* open the SMTP port in the firewall

Apologies for the confusion.

BTW, re: dovecot: I really can't offer any advice there having not used it. I can lend a hand with courier-imap, if you should decide to go that way.


Cylar Z wrote:

I double-checked and it turns out that the SMTP port
*is* open on my iptables configuration. I don't know
how it opened (maybe postfix did it) because I'm
positive it was closed at the time I finished
installing FC5 on the system. At that time I went in
and opened 80 and 22, which is why I initially said
only those were opened.

Out of curiosity I shut the SMTP port, and sure
enough, mail was no longer getting through *to* the
server. (I was still able to send mail out to other
domains.) Receive capability was only restored when I
opened the port again and rebooted.

That having been said - do I need to worry about open
relays or not? I would think *not* because I edited
the Postfix's main.cf to "only forward mail from the
local machine." In your opinion, did I go far enough?
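
Added example (not part of the original post, and not Exim's own code): a simplified Python model of how the two list settings quoted in the message decide whether a recipient is accepted, following the accept-local-domain, accept-trusted-host, otherwise-deny order of Exim's default RCPT ACL. The hostname `mail.example.net` and the client addresses are constructed, and only IP/CIDR host items are handled.

```python
import ipaddress

def parse_exim_list(value):
    """Split an Exim colon-separated list; a doubled colon is a literal ':'."""
    items, cur, i = [], "", 0
    while i < len(value):
        if value[i] == ":" and value[i + 1:i + 2] == ":":
            cur, i = cur + ":", i + 2        # '::' -> one literal colon
            continue
        if value[i] == ":":                  # single colon separates items
            items.append(cur.strip())
            cur = ""
        else:
            cur += value[i]
        i += 1
    items.append(cur.strip())
    if items[-1] == "":                      # trailing empty item is ignored
        items.pop()
    return items

def host_matches(client_ip, hostlist):
    """client_ip=None models a local, non-TCP submission (the empty item)."""
    for item in hostlist:
        if item == "":
            if client_ip is None:
                return True
            continue
        try:                                 # assumption: IP/CIDR items only
            net = ipaddress.ip_network(item, strict=False)
        except ValueError:
            continue
        if client_ip is not None and ipaddress.ip_address(client_ip) in net:
            return True
    return False

def rcpt_decision(client_ip, rcpt, relay_hosts, local_domains, primary_hostname):
    """Simplified: accept local domains, relay for trusted hosts, else deny."""
    domain = rcpt.rsplit("@", 1)[1].lower()
    local = {primary_hostname if d == "@" else d.lower() for d in local_domains}
    if domain in local:
        return "accept: local domain"
    if host_matches(client_ip, relay_hosts):
        return "accept: relay for trusted host"
    return "deny: relay not permitted"

# Settings as quoted in the message; hostname and clients are constructed.
RELAY_FROM_HOSTS = parse_exim_list(": ::::1 :")
LOCAL_DOMAINS = parse_exim_list("@:localhost:darose.net")
HOSTNAME = "mail.example.net"
```

With the host list exactly as it appears in this archive, `rcpt_decision("127.0.0.1", "user@example.org", ...)` is denied: the list parses to an empty item (local non-TCP submission) and `::1`, so an IPv4 loopback client is not a trusted relay host.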