Print

Postfix secure to localhost only

Written by Peter Davies on .

This is an obvious one really but I recently spotted quite a few attempts by spammers to send bank-related messages through one of our boxes:

server user # netstat -tulpn | grep 25
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN         1417/master

server user # nano /etc/postfix/main.cf

Locate the line with "inet_interfaces" and change the line to include 127.0.0.1

server user # /etc/init.d/postfix restart

 * Stopping postfix (/etc/postfix) ...       [ ok ]
 * Starting postfix (/etc/postfix) ...       [ ok ]

server user # netstat -tulpn | grep 25
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN     1627/master

At this stage it shows that listening address is now only localhost. You can double check what's happening by checking various logs like:

tail -f /var/log/messages

Also note though, any PHP script sending mail would be classified as "local" so you really need to check any scripts for injection vulnerabilities.